The container previously required starting as root to handle PUID/PGID/UMASK
and chown the config volume. This made it incompatible with Kubernetes Pod
Security Standards (runAsNonRoot, capability dropping) and hardened Docker
setups.
The entrypoint now detects if it is already running as a non-root user and
skips all privilege operations, execing the app directly. Volume ownership
is expected to be handled externally (K8s fsGroup, pre-provisioned storage).
A build-time profilarr user (UID/GID 1000) is added to the image so tooling
that requires a named passwd entry is satisfied. Existing root/PUID/PGID
behaviour is unchanged.
Co-authored-by: ppaslan <pal@aslan.cx>
feat: add concurrent, async requests to improve profile / format import performance
feat: optimise cf prefetching, reduce verbose logging
- now only make single request, then propagate changes to remaining profiles
- remove verbose logging
fix: increase Gunicorn worker timeout to 10 minutes to prevent timeouts during database syncing operations
