Update Dockerfile
Browse files- Dockerfile +16 -23
Dockerfile
CHANGED
|
@@ -52,49 +52,42 @@ RUN groupadd -r appgroup --gid 1000 && \
|
|
| 52 |
|
| 53 |
# Set Streamlit home directory (already created and chowned)
|
| 54 |
ENV STREAMLIT_HOME=/home/appuser/.streamlit
|
|
|
|
|
|
|
| 55 |
|
| 56 |
-
# Set the working directory in the container
|
| 57 |
WORKDIR /app
|
| 58 |
|
| 59 |
-
# Copy requirements.txt
|
| 60 |
-
# First, copy just requirements.txt and chown its destination so appuser can write to /app (temporarily for this step)
|
| 61 |
COPY --chown=appuser:appgroup requirements.txt .
|
|
|
|
|
|
|
| 62 |
USER appuser
|
| 63 |
RUN pip install --no-cache-dir --upgrade pip && \
|
| 64 |
-
pip install --user --no-cache-dir -r requirements.txt
|
| 65 |
|
| 66 |
# Add user's local bin to PATH
|
| 67 |
ENV PATH="/home/appuser/.local/bin:${PATH}"
|
| 68 |
|
| 69 |
-
#
|
| 70 |
-
# WORKDIR /app is still in effect, appuser should have rights to write here if /app was chowned.
|
| 71 |
-
# However, to be absolutely safe, we copy to a location appuser definitely owns, or chown /app after copy by root.
|
| 72 |
-
# Let's stick to copying as root then chowning all of /app.
|
| 73 |
-
|
| 74 |
USER root
|
| 75 |
-
COPY . .
|
| 76 |
RUN chown -R appuser:appgroup /app
|
| 77 |
|
| 78 |
-
# Create runtime directories
|
| 79 |
USER appuser
|
| 80 |
RUN mkdir -p /app/temp_cinegen_media
|
| 81 |
-
RUN mkdir -p /app/assets/fonts
|
| 82 |
|
| 83 |
-
#
|
| 84 |
-
# This step is optional if Pillow direct font path loading is sufficient.
|
| 85 |
# USER root
|
| 86 |
# RUN if [ -d "/app/assets/fonts" ] && [ "$(ls -A /app/assets/fonts)" ]; then \
|
| 87 |
-
#
|
| 88 |
-
#
|
| 89 |
-
# fc-cache -fv && \
|
| 90 |
-
# echo "INFO: Copied custom fonts and refreshed font cache (as root)."; \
|
| 91 |
-
# else \
|
| 92 |
-
# echo "INFO: No custom fonts found in /app/assets/fonts to copy system-wide." ; \
|
| 93 |
-
# fi
|
| 94 |
-
# USER appuser # Switch back to appuser for runtime
|
| 95 |
|
| 96 |
# Expose the port Streamlit runs on
|
| 97 |
EXPOSE 8501
|
| 98 |
|
| 99 |
# Define the command to run the application
|
| 100 |
-
|
|
|
|
|
|
| 52 |
|
| 53 |
# Set Streamlit home directory (already created and chowned)
|
| 54 |
ENV STREAMLIT_HOME=/home/appuser/.streamlit
|
| 55 |
+
# Set environment variable to disable telemetry (alternative to CLI flag)
|
| 56 |
+
ENV STREAMLIT_CLIENT_GATHER_USAGE_STATS=false
|
| 57 |
|
| 58 |
+
# Set the working directory in the container
|
| 59 |
WORKDIR /app
|
| 60 |
|
| 61 |
+
# Copy requirements.txt
|
|
|
|
| 62 |
COPY --chown=appuser:appgroup requirements.txt .
|
| 63 |
+
|
| 64 |
+
# Install Python dependencies as the non-root user
|
| 65 |
USER appuser
|
| 66 |
RUN pip install --no-cache-dir --upgrade pip && \
|
| 67 |
+
pip install --user --no-cache-dir -r requirements.txt
|
| 68 |
|
| 69 |
# Add user's local bin to PATH
|
| 70 |
ENV PATH="/home/appuser/.local/bin:${PATH}"
|
| 71 |
|
| 72 |
+
# Switch back to root temporarily for copying application files and setting permissions
|
|
|
|
|
|
|
|
|
|
|
|
|
| 73 |
USER root
|
| 74 |
+
COPY . .
|
| 75 |
RUN chown -R appuser:appgroup /app
|
| 76 |
|
| 77 |
+
# Create runtime directories as appuser (now that /app is owned by appuser)
|
| 78 |
USER appuser
|
| 79 |
RUN mkdir -p /app/temp_cinegen_media
|
| 80 |
+
RUN mkdir -p /app/assets/fonts
|
| 81 |
|
| 82 |
+
# (Optional: System-wide font copy block, commented out as before, only if needed)
|
|
|
|
| 83 |
# USER root
|
| 84 |
# RUN if [ -d "/app/assets/fonts" ] && [ "$(ls -A /app/assets/fonts)" ]; then \
|
| 85 |
+
# ...
|
| 86 |
+
# USER appuser
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 87 |
|
| 88 |
# Expose the port Streamlit runs on
|
| 89 |
EXPOSE 8501
|
| 90 |
|
| 91 |
# Define the command to run the application
|
| 92 |
+
# REMOVED --global.sharingMode=off
|
| 93 |
+
CMD ["streamlit", "run", "app.py", "--server.port=8501", "--server.address=0.0.0.0", "--client.gatherUsageStats=false"]
|