Fix Docker file permission issue (#3323)

* Update Dockerfile

* Use the slim-bookworm image, refactored some steps

* Disable user login

* Capitalize comment

---------

Co-authored-by: Taku <[email protected]>

Dockerfile

@@ -1,20 +1,38 @@
-FROM python:3.10 as py
+FROM python:3.11-slim-bookworm as base
 
-FROM py as build
+RUN apt-get update &&  \
+    apt-get install --no-install-recommends -y \
+    # Install CairoSVG dependencies.
+    libcairo2 && \
+    # Cleanup APT.
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    # Create a non-root user.
+    useradd --shell /usr/sbin/nologin --create-home -d /opt/modmail modmail
 
-RUN apt update && apt install -y g++ git
+FROM base as builder
 
-COPY requirements.txt /
-RUN pip install --prefix=/inst -U -r /requirements.txt
+COPY requirements.txt .
 
-FROM py
+RUN pip install --root-user-action=ignore --no-cache-dir --upgrade pip wheel && \
+    python -m venv /opt/modmail/.venv && \
+    . /opt/modmail/.venv/bin/activate && \
+    pip install --no-cache-dir --upgrade -r requirements.txt
 
-COPY --from=build /inst /usr/local
+FROM base
 
-ENV USING_DOCKER yes
-RUN useradd --system --no-create-home modmail
-USER modmail
+# Copy the entire venv.
+COPY --from=builder --chown=modmail:modmail /opt/modmail/.venv /opt/modmail/.venv
+
+# Copy repository files.
+WORKDIR /opt/modmail
+USER modmail:modmail
+COPY --chown=modmail:modmail . .
+
+# This sets some Python runtime variables and disables the internal auto-update.
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PATH=/opt/modmail/.venv/bin:$PATH \
+    USING_DOCKER=yes
 
-WORKDIR /modmailbot
 CMD ["python", "bot.py"]
-COPY --chown=modmail:modmail . /modmailbot