Update Dockerfile
Dockerfile +44 -17
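--- a/Dockerfile
+++ b/Dockerfile
@@ -12,6 +12,9 @@ ENV LANG C.UTF-8
 ENV LC_ALL C.UTF-8
 
 # Install system dependencies (as root)
+# build-essential for packages that might need to compile C code
+# libffi-dev often needed by cryptography (common sub-dependency)
+# curl is a generally useful utility
 RUN apt-get update && apt-get install -y --no-install-recommends \
 ffmpeg \
 imagemagick \
@@ -26,15 +29,16 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 && rm -rf /var/lib/apt/lists/*
 
 # Modify ImageMagick policy.xml (as root)
+# This is critical for TextClip and other ImageMagick-dependent features in MoviePy
 RUN if [ -f /etc/ImageMagick-6/policy.xml ]; then \
 XML_FILE="/etc/ImageMagick-6/policy.xml"; \
-echo "INFO:
+echo "INFO: Attempting to modify ImageMagick policy at $XML_FILE (v6)." ; \
 elif [ -f /etc/ImageMagick-7/policy.xml ]; then \
 XML_FILE="/etc/ImageMagick-7/policy.xml"; \
-echo "INFO:
+echo "INFO: Attempting to modify ImageMagick policy at $XML_FILE (v7)." ; \
 else \
 XML_FILE=""; \
-echo "WARNING: ImageMagick policy.xml not found
+echo "WARNING: ImageMagick policy.xml not found in /etc/ImageMagick-[67]/. MoviePy TextClip might fail." ; \
 fi && \
 if [ -n "$XML_FILE" ] && [ -f "$XML_FILE" ]; then \
 sed -i 's/<policy domain="path" rights="none" pattern="@\*"\/>/<!-- <policy domain="path" rights="none" pattern="@\*" \/> -->/' "$XML_FILE" && \
@@ -45,50 +49,73 @@ RUN if [ -f /etc/ImageMagick-6/policy.xml ]; then \
 sed -i 's/<policy domain="coder" rights="none" pattern="HTTPS"\/>/<!-- <policy domain="coder" rights="none" pattern="HTTPS" \/> -->/' "$XML_FILE" && \
 sed -i 's/<policy domain="coder" rights="none" pattern="HTTP"\/>/<!-- <policy domain="coder" rights="none" pattern="HTTP" \/> -->/' "$XML_FILE" && \
 echo "INFO: ImageMagick policy modifications applied to $XML_FILE." ; \
+else \
+echo "INFO: No ImageMagick policy file found to modify, or XML_FILE variable was empty." ; \
 fi
 
-# Create a non-root user and group
+# Create a non-root user and group.
+# Create home directory, .cache for pip, and .streamlit for Streamlit config.
 RUN groupadd -r appgroup --gid 1000 && \
 useradd --no-log-init -r -g appgroup -u 1000 --create-home --shell /bin/bash appuser && \
 mkdir -p /home/appuser/.cache/pip && \
 mkdir -p /home/appuser/.streamlit && \
 chown -R appuser:appgroup /home/appuser
 
-# Set Streamlit home directory
+# Set Streamlit home directory to the one created for appuser
 ENV STREAMLIT_HOME=/home/appuser/.streamlit
+# Disable Streamlit telemetry using environment variable (alternative to CLI flag)
 ENV BROWSER_GATHERUSAGEDATA=false
 
-# Set the working directory
+# Set the working directory for the application
 WORKDIR /app
 
-# Copy requirements.txt
+# Copy requirements.txt first to leverage Docker layer caching.
+# Ensure appuser owns this file in its destination.
 COPY --chown=appuser:appgroup requirements.txt .
 
-#
+# Switch to the non-root user to install Python packages
 USER appuser
 RUN pip install --no-cache-dir --upgrade pip && \
-echo "Attempting to install packages from requirements.txt" && \
+echo "Attempting to install packages from requirements.txt as appuser..." && \
 pip install --user --no-cache-dir -r requirements.txt
-#
-#
+# If you still need streamlit-sortable from GitHub and it's NOT in requirements.txt:
+# echo "Attempting to install streamlit-sortable from GitHub as appuser..." && \
+# pip install --user --no-cache-dir git+https://github.com/okld/streamlit-sortable.git
 
-# Add user's local bin to PATH
+# Add the user's local bin directory (where pip --user installs scripts) to PATH
+# This ensures executables like 'streamlit' are found.
 ENV PATH="/home/appuser/.local/bin:${PATH}"
 
-# Switch back to root
+# Switch back to root only for operations that require root privileges, like copying to system dirs
+# For copying application code to /app, appuser should have write permission if WORKDIR is /app and /app is owned by appuser.
+# However, using root for COPY and then chown is a common robust pattern.
 USER root
-COPY . .
+COPY . .
+# Ensure the entire /app directory and its contents are owned by appuser
 RUN chown -R appuser:appgroup /app
 
 # Create runtime directories as appuser (now that /app is owned by appuser)
 USER appuser
 RUN mkdir -p /app/temp_cinegen_media
-RUN mkdir -p /app/assets/fonts
+RUN mkdir -p /app/assets/fonts # Ensure this exists, even if copied
 
-#
+# Optional: Copy custom fonts to a system-wide location if MoviePy/ImageMagick needs them there.
+# This might require switching back to USER root temporarily for the cp and fc-cache.
+# For now, relying on Pillow finding fonts in assets/ or system paths.
+# USER root
+# RUN if [ -d "/app/assets/fonts" ] && [ "$(ls -A /app/assets/fonts)" ]; then \
+# mkdir -p /usr/local/share/fonts/truetype/cinegen_custom && \
+# cp /app/assets/fonts/*.*tf /usr/local/share/fonts/truetype/cinegen_custom/ 2>/dev/null || true && \
+# fc-cache -fv && \
+# echo "INFO: Copied custom fonts to system and refreshed font cache."; \
+# else \
+# echo "INFO: No custom fonts found in /app/assets/fonts to copy system-wide." ; \
+# fi
+# USER appuser # Switch back to appuser for runtime
 
 # Expose the port Streamlit runs on
 EXPOSE 8501
 
-# Define the command to run the application
+# Define the command to run the application as appuser
+# The --browser.gatherUsageStats=false flag should work for Streamlit 1.13+
 CMD ["streamlit", "run", "app.py", "--server.port=8501", "--server.address=0.0.0.0", "--browser.gatherUsageStats=false"]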
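Review bot: The comment added above the policy block ("This is critical for TextClip …") justifies more than TextClip appears to need, because the same RUN also comments out the `coder` rules for `HTTPS` and `HTTP` (new lines 49-50). As far as I know TextClip only depends on the `path` `@*` rule, since it hands text to ImageMagick through an `@file` argument. Re-enabling the URL coders lets ImageMagick fetch remote resources whenever a filename it processes is a URL, which is a server-side request risk for an app listening on `0.0.0.0`. Unless the app really loads remote images through ImageMagick, I would drop those two `sed` lines and narrow the comment to `# TextClip passes text via @file, so only the path "@*" rule is relaxed`. New lines 45-48 of this RUN are not shown in the diff, so other rules relaxed there deserve the same check.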