feat: Add rootless Docker support (#574)

* feat: Add rootless Docker support

Implements #547 - Add support for rootless Docker images to avoid permission issues.

Key changes:
- Add Dockerfile.rootless that runs as UID 1000 by default
- Create simplified entrypoint script without chown operations
- Add build-rootless.py to build rootless variants with -rootless suffix
- Document rootless usage in README-ROOTLESS.md
- Update main README with rootless section

The rootless images eliminate common permission problems by:
- Running as non-root from the start (USER 1000:1000)
- Avoiding recursive chown operations that can cause race conditions
- Using open permissions (777) on directories during build
- Not supporting PUID/PGID environment variables

This provides a cleaner solution for rootless Docker users and those
experiencing permission issues with volumes.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: Address linting issues in rootless Docker implementation

- Add --no-install-recommends to apt-get install in Dockerfile
- Consolidate consecutive RUN instructions in Dockerfile
- Fix shellcheck warnings: quote variables and use -n instead of \! -z
- These changes improve best practices without affecting functionality

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* feat: Add rootless image building to CI pipeline

- Update docker-build.yml workflow to build rootless variants
- Rootless images are built after regular images with -rootless suffix
- Both use the same multi-architecture build process
- Triggered automatically when buildinfo.json changes

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* refactor: Unify build system for regular and rootless images

- Create build-unified.py that handles both regular and rootless builds
- Convert build.py and build-rootless.py to wrapper scripts for backwards compatibility
- Update CI workflow to use unified build command
- Add BUILD_MIGRATION.md documentation
- Eliminate code duplication between build scripts
- Support flexible build options: --rootless, --both, --only-stable-latest

This maintains all existing functionality while providing a cleaner, more maintainable build system.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* chore: Add Python cache to .gitignore and remove from repo

- Add __pycache__/ and Python compiled files to .gitignore
- Remove accidentally committed __pycache__ directory
- Prevent future Python cache files from being tracked

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* refactor: Replace build system with unified solution

- Remove old build.py and build-rootless.py wrapper scripts
- Rename build-unified.py to build.py as the main build script
- Delete BUILD_MIGRATION.md (no longer needed)
- Update CI workflow to use new build.py syntax
- Update documentation in CLAUDE.md and README-ROOTLESS.md

The new build system provides all functionality in a single script:
- Default: builds regular images
- --rootless: builds only rootless images
- --both: builds both regular and rootless images
- --multiarch and --push-tags: work as before

This creates a cleaner, more maintainable build system.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* docs: Consolidate rootless documentation and mark as experimental

- Remove separate README-ROOTLESS.md file
- Integrate rootless documentation into main README.md
- Mark rootless support as experimental
- Add clear documentation about limitations and use cases
- Include warning about experimental nature

This consolidates all documentation in one place and makes it clear
that rootless support is still experimental.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>

build.py

@@ -6,6 +6,7 @@ import subprocess
 import shutil
 import sys
 import tempfile
+import argparse
 
 
 PLATFORMS = [
@@ -25,9 +26,9 @@ def create_builder(build_dir, builder_name, platform):
             exit(1)
 
 
-def build_and_push_multiarch(build_dir, build_args, push):
-    builder_name = "factoriotools-multiarch"
-    platform=",".join(PLATFORMS)
+def build_and_push_multiarch(build_dir, build_args, push, builder_suffix=""):
+    builder_name = f"factoriotools{builder_suffix}-multiarch"
+    platform = ",".join(PLATFORMS)
     create_builder(build_dir, builder_name, platform)
     build_command = ["docker", "buildx", "build", "--platform", platform, "--builder", builder_name] + build_args
     if push:
@@ -35,16 +36,16 @@ def build_and_push_multiarch(build_dir, build_args, push):
     try:
         subprocess.run(build_command, cwd=build_dir, check=True)
     except subprocess.CalledProcessError:
-        print("Build and push of image failed")
+        print(f"Build and push of {builder_suffix or 'regular'} image failed")
         exit(1)
 
 
-def build_singlearch(build_dir, build_args):
+def build_singlearch(build_dir, build_args, image_type="regular"):
     build_command = ["docker", "build"] + build_args
     try:
         subprocess.run(build_command, cwd=build_dir, check=True)
     except subprocess.CalledProcessError:
-        print("Build of image failed")
+        print(f"Build of {image_type} image failed")
         exit(1)
 
 
@@ -58,16 +59,19 @@ def push_singlearch(tags):
             exit(1)
 
 
-def build_and_push(sha256, version, tags, push, multiarch):
+def build_and_push(sha256, version, tags, push, multiarch, dockerfile="Dockerfile", builder_suffix=""):
     build_dir = tempfile.mktemp()
     shutil.copytree("docker", build_dir)
-    build_args = ["--build-arg", f"VERSION={version}", "--build-arg", f"SHA256={sha256}", "."]
+    build_args = ["-f", dockerfile, "--build-arg", f"VERSION={version}", "--build-arg", f"SHA256={sha256}", "."]
     for tag in tags:
         build_args.extend(["-t", f"factoriotools/factorio:{tag}"])
+    
+    image_type = "rootless" if "rootless" in dockerfile.lower() else "regular"
+    
     if multiarch:
-        build_and_push_multiarch(build_dir, build_args, push)
+        build_and_push_multiarch(build_dir, build_args, push, builder_suffix)
     else:
-        build_singlearch(build_dir, build_args)
+        build_singlearch(build_dir, build_args, image_type)
         if push:
             push_singlearch(tags)
 
@@ -85,25 +89,69 @@ def login():
         exit(1)
 
 
-def main(push_tags=False, multiarch=False):
+def generate_rootless_tags(original_tags):
+    """Generate rootless-specific tags from original tags"""
+    return [f"{tag}-rootless" for tag in original_tags]
+
+
+def main():
+    parser = argparse.ArgumentParser(description='Build Factorio Docker images')
+    parser.add_argument('--push-tags', action='store_true', help='Push images to Docker Hub')
+    parser.add_argument('--multiarch', action='store_true', help='Build multi-architecture images')
+    parser.add_argument('--rootless', action='store_true', help='Build only rootless images')
+    parser.add_argument('--both', action='store_true', help='Build both regular and rootless images')
+    parser.add_argument('--only-stable-latest', action='store_true', 
+                        help='Build only stable and latest versions (for rootless by default)')
+    
+    args = parser.parse_args()
+    
+    # Default behavior: build regular images unless specified otherwise
+    build_regular = not args.rootless or args.both
+    build_rootless = args.rootless or args.both
+    
     with open(os.path.join(os.path.dirname(__file__), "buildinfo.json")) as file_handle:
         builddata = json.load(file_handle)
 
-    if push_tags:
+    if args.push_tags:
         login()
 
+    # Filter versions if needed
+    versions_to_build = []
     for version, buildinfo in sorted(builddata.items(), key=lambda item: item[0], reverse=True):
-        sha256 = buildinfo["sha256"]
-        tags = buildinfo["tags"]
-        build_and_push(sha256, version, tags, push_tags, multiarch)
+        if args.only_stable_latest or (build_rootless and not build_regular):
+            # For rootless-only builds, default to stable/latest only
+            if "stable" in buildinfo["tags"] or "latest" in buildinfo["tags"]:
+                versions_to_build.append((version, buildinfo))
+        else:
+            versions_to_build.append((version, buildinfo))
+    
+    # Build regular images
+    if build_regular:
+        print("Building regular images...")
+        for version, buildinfo in versions_to_build:
+            sha256 = buildinfo["sha256"]
+            tags = buildinfo["tags"]
+            build_and_push(sha256, version, tags, args.push_tags, args.multiarch)
+    
+    # Build rootless images
+    if build_rootless:
+        print("Building rootless images...")
+        # For rootless, only build stable and latest unless building both
+        rootless_versions = []
+        if not build_regular or args.only_stable_latest:
+            for version, buildinfo in builddata.items():
+                if "stable" in buildinfo["tags"] or "latest" in buildinfo["tags"]:
+                    rootless_versions.append((version, buildinfo))
+        else:
+            rootless_versions = versions_to_build
+            
+        for version, buildinfo in rootless_versions:
+            sha256 = buildinfo["sha256"]
+            original_tags = buildinfo["tags"]
+            rootless_tags = generate_rootless_tags(original_tags)
+            build_and_push(sha256, version, rootless_tags, args.push_tags, args.multiarch, 
+                         dockerfile="Dockerfile.rootless", builder_suffix="-rootless")
 
 
 if __name__ == '__main__':
-    push_tags = False
-    multiarch = False
-    for arg in sys.argv[1:]:
-        if arg == "--push-tags":
-            push_tags = True
-        elif arg == "--multiarch":
-            multiarch = True
-    main(push_tags, multiarch)
+    main()