[Bug]: Unexpected files and directories in the Docker image’s work directory

[matteovivona]

What happened?

While inspecting the Docker image, I noticed that the work directory contains files that should not be present in a production image. Here is the content of the work directory:

# pwd
/chroma
# ls -al
total 344
drwxr-xr-x  1 root root   4096 Jan 20 08:22 .
drwxr-xr-x  1 root root   4096 Jan 20 08:21 ..
drwxr-xr-x  2 root root   4096 Jan 14 22:19 .config
-rw-r--r--  1 root root    149 Jan 14 22:19 .dockerignore
-rw-r--r--  1 root root    148 Jan 14 22:19 .gitattributes
drwxr-xr-x  5 root root   4096 Jan 14 22:19 .github
-rw-r--r--  1 root root    604 Jan 14 22:19 .gitignore
-rw-r--r--  1 root root   1889 Jan 14 22:19 .pre-commit-config.yaml
-rw-r--r--  1 root root     34 Jan 14 22:19 .taplo.toml
-rw-r--r--  1 root root 168207 Jan 14 22:19 Cargo.lock
-rw-r--r--  1 root root   2221 Jan 14 22:19 Cargo.toml
-rw-r--r--  1 root root   3618 Jan 14 22:19 DEVELOP.md
-rw-r--r--  1 root root   2164 Jan 14 22:19 Dockerfile
-rw-r--r--  1 root root   1239 Jan 14 22:19 Dockerfile.windows
-rw-r--r--  1 root root  11357 Jan 14 22:19 LICENSE
-rw-r--r--  1 root root   5255 Jan 14 22:19 README.md
-rw-r--r--  1 root root   1021 Jan 14 22:19 RELEASE_PROCESS.md
-rw-r--r--  1 root root   4833 Jan 14 22:19 Tiltfile
-rw-r--r--  1 root root    177 Jan 14 22:19 bandit.yaml
drwxr-xr-x  4 root root   4096 Jan 14 22:19 bin
drwxr-xr-x  2 root root   4096 Jan 20 08:22 chroma
-rw-r--r--  1 root root   2736 Jan 20 08:29 chroma.log
drwxr-xr-x  1 root root   4096 Jan 20 08:21 chromadb
-rw-r--r--  1 root root      0 Jan 14 22:19 compose-env.linux
-rw-r--r--  1 root root     53 Jan 14 22:19 compose-env.windows
drwxr-xr-x  5 root root   4096 Jan 14 22:19 deployments
-rw-r--r--  1 root root    434 Jan 14 22:19 docker-compose.server.example.yml
-rw-r--r--  1 root root    838 Jan 14 22:19 docker-compose.test-auth.yml
-rw-r--r--  1 root root    461 Jan 14 22:19 docker-compose.test.yml
-rw-r--r--  1 root root   1672 Jan 14 22:19 docker-compose.yml
drwxr-xr-x  6 root root   4096 Jan 14 22:19 go
drwxr-xr-x  3 root root   4096 Jan 14 22:19 idl
drwxr-xr-x  4 root root   4096 Jan 14 22:19 k8s
-rw-r--r--  1 root root    187 Jan 14 22:19 main.py
-rw-r--r--  1 root root    468 Jan 14 22:19 pull_request_template.md
-rw-r--r--  1 root root   2140 Jan 14 22:19 pyproject.toml
-rw-r--r--  1 root root    576 Jan 14 22:19 requirements.txt
-rw-r--r--  1 root root    450 Jan 14 22:19 requirements_dev.txt
drwxr-xr-x 16 root root   4096 Jan 14 22:19 rust
-rw-r--r--  1 root root     84 Jan 14 22:19 yarn.lock

I see a lot of various development-related files here (.github, .gitignore, Dockerfile.windows, DEVELOP.md, requirements_dev.txt). I can open a PR, but I need some guidance.

Versions

chromadb/chroma:0.6.3

Relevant log output

[tazarov]

hey @matteovivona, thanks for raising this. You are right about the extra files. But it goes even further specifically to using root user to run Chroma which in some settings may be considered unsafe.

There's prior work on this in the Chroma chart here - https://github.com/amikos-tech/chromadb-chart/blob/main/image/Dockerfile.

The reason this hasn't been addresses as it is not a priority for the team right now, but feel free to push a PR with what you have in mind.

[matteovivona]

hey @matteovivona, thanks for raising this. You are right about the extra files. But it goes even further specifically to using root user to run Chroma which in some settings may be considered unsafe.

There's prior work on this in the Chroma chart here - https://github.com/amikos-tech/chromadb-chart/blob/main/image/Dockerfile.

The reason this hasn't been addresses as it is not a priority for the team right now, but feel free to push a PR with what you have in mind.

thank you for your lightning-fast reply! I will see if I can create a pr with an updated .dockerignore