Update Dockerfile
Browse files- Dockerfile +28 -11
Dockerfile
CHANGED
|
@@ -1,4 +1,26 @@
|
|
| 1 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2 |
|
| 3 |
# Create a non-root user and group
|
| 4 |
ARG APP_USER_UID=1000
|
|
@@ -11,28 +33,23 @@ WORKDIR /home/appuser/app
|
|
| 11 |
|
| 12 |
# Copy requirements.txt first
|
| 13 |
COPY requirements.txt ./
|
| 14 |
-
# Note: No --chown here yet, let root handle this initial copy for pip cache reasons if any
|
| 15 |
|
| 16 |
-
# Pip install as root (or
|
| 17 |
-
# This avoids issues if some packages need to write to system locations during install
|
| 18 |
-
# and also helps if the user's .local/bin isn't perfectly on PATH immediately
|
| 19 |
RUN python -m pip install --no-cache-dir --upgrade pip
|
| 20 |
RUN python -m pip install --no-cache-dir -r requirements.txt
|
| 21 |
|
| 22 |
# Now copy the rest of the application code
|
| 23 |
COPY . .
|
| 24 |
|
| 25 |
-
#
|
| 26 |
-
#
|
| 27 |
-
# and its contents are owned by appuser and appuser has write permissions.
|
| 28 |
-
# Also, explicitly create the output directory as root and then chown it.
|
| 29 |
RUN mkdir -p /home/appuser/app/temp_cinegen_media && \
|
| 30 |
chown -R appuser:appgroup /home/appuser/app
|
| 31 |
-
# The chown -R above should cover temp_cinegen_media as well if it's inside /app
|
| 32 |
|
| 33 |
# Switch to the non-root user
|
| 34 |
USER appuser
|
| 35 |
-
|
|
|
|
| 36 |
|
| 37 |
# Expose Streamlit's default port
|
| 38 |
EXPOSE 8501
|
|
|
|
| 1 |
+
FROM python:3.10-slim
|
| 2 |
+
|
| 3 |
+
# Set environment variables
|
| 4 |
+
ENV PYTHONUNBUFFERED=1
|
| 5 |
+
ENV DEBIAN_FRONTEND=noninteractive
|
| 6 |
+
|
| 7 |
+
# Install system dependencies
|
| 8 |
+
RUN apt-get update && \
|
| 9 |
+
apt-get install -y --no-install-recommends \
|
| 10 |
+
ffmpeg \
|
| 11 |
+
libsm6 \
|
| 12 |
+
libxext6 \
|
| 13 |
+
fontconfig \
|
| 14 |
+
imagemagick && \
|
| 15 |
+
apt-get clean && \
|
| 16 |
+
rm -rf /var/lib/apt/lists/*
|
| 17 |
+
|
| 18 |
+
# Create directory for custom fonts and copy your font file(s)
|
| 19 |
+
RUN mkdir -p /usr/local/share/fonts/truetype/mycustomfonts
|
| 20 |
+
COPY assets/fonts/arial.ttf /usr/local/share/fonts/truetype/mycustomfonts/arial.ttf
|
| 21 |
+
|
| 22 |
+
# Rebuild font cache AFTER copying fonts
|
| 23 |
+
RUN fc-cache -f -s -v
|
| 24 |
|
| 25 |
# Create a non-root user and group
|
| 26 |
ARG APP_USER_UID=1000
|
|
|
|
| 33 |
|
| 34 |
# Copy requirements.txt first
|
| 35 |
COPY requirements.txt ./
|
|
|
|
| 36 |
|
| 37 |
+
# Pip install as root (or default user before USER appuser)
|
|
|
|
|
|
|
| 38 |
RUN python -m pip install --no-cache-dir --upgrade pip
|
| 39 |
RUN python -m pip install --no-cache-dir -r requirements.txt
|
| 40 |
|
| 41 |
# Now copy the rest of the application code
|
| 42 |
COPY . .
|
| 43 |
|
| 44 |
+
# Ensure the entire app directory and its contents are owned by appuser
|
| 45 |
+
# and explicitly create the output directory as root and then chown it.
|
|
|
|
|
|
|
| 46 |
RUN mkdir -p /home/appuser/app/temp_cinegen_media && \
|
| 47 |
chown -R appuser:appgroup /home/appuser/app
|
|
|
|
| 48 |
|
| 49 |
# Switch to the non-root user
|
| 50 |
USER appuser
|
| 51 |
+
# Ensure user's local bin is in PATH for pip-installed executables
|
| 52 |
+
ENV PATH="/home/appuser/.local/bin:${PATH}"
|
| 53 |
|
| 54 |
# Expose Streamlit's default port
|
| 55 |
EXPOSE 8501
|