Update Dockerfile
Browse files- Dockerfile +26 -24
Dockerfile
CHANGED
|
@@ -1,39 +1,41 @@
|
|
| 1 |
-
FROM
|
| 2 |
-
|
| 3 |
-
ENV PYTHONUNBUFFERED=1
|
| 4 |
-
ENV DEBIAN_FRONTEND=noninteractive
|
| 5 |
-
|
| 6 |
-
RUN apt-get update && \
|
| 7 |
-
apt-get install -y --no-install-recommends \
|
| 8 |
-
ffmpeg \
|
| 9 |
-
libsm6 \
|
| 10 |
-
libxext6 \
|
| 11 |
-
fontconfig \
|
| 12 |
-
imagemagick && \
|
| 13 |
-
apt-get clean && \
|
| 14 |
-
rm -rf /var/lib/apt/lists/*
|
| 15 |
-
|
| 16 |
-
RUN mkdir -p /usr/local/share/fonts/truetype/mycustomfonts
|
| 17 |
-
COPY assets/fonts/arial.ttf /usr/local/share/fonts/truetype/mycustomfonts/arial.ttf
|
| 18 |
-
# Ensure 'assets/fonts/arial.ttf' exists in your repo
|
| 19 |
-
|
| 20 |
-
RUN fc-cache -f -s -v
|
| 21 |
|
|
|
|
| 22 |
ARG APP_USER_UID=1000
|
| 23 |
ARG APP_USER_GID=1000
|
| 24 |
RUN groupadd --gid $APP_USER_GID appgroup && \
|
| 25 |
useradd --uid $APP_USER_UID --gid appgroup --shell /bin/bash --create-home appuser
|
| 26 |
|
|
|
|
| 27 |
WORKDIR /home/appuser/app
|
| 28 |
-
COPY --chown=appuser:appgroup requirements.txt ./
|
| 29 |
|
| 30 |
-
|
| 31 |
-
|
|
|
|
| 32 |
|
|
|
|
|
|
|
|
|
|
| 33 |
RUN python -m pip install --no-cache-dir --upgrade pip
|
| 34 |
RUN python -m pip install --no-cache-dir -r requirements.txt
|
| 35 |
|
| 36 |
-
|
|
|
|
| 37 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 38 |
EXPOSE 8501
|
|
|
|
|
|
|
| 39 |
CMD ["streamlit", "run", "app.py", "--server.headless=true", "--server.port=8501", "--server.fileWatcherType=none"]
|
|
|
|
| 1 |
+
# ... (previous parts: FROM, ENV, apt-get install, font COPY, font cache) ...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2 |
|
| 3 |
+
# Create a non-root user and group
|
| 4 |
ARG APP_USER_UID=1000
|
| 5 |
ARG APP_USER_GID=1000
|
| 6 |
RUN groupadd --gid $APP_USER_GID appgroup && \
|
| 7 |
useradd --uid $APP_USER_UID --gid appgroup --shell /bin/bash --create-home appuser
|
| 8 |
|
| 9 |
+
# Set the working directory
|
| 10 |
WORKDIR /home/appuser/app
|
|
|
|
| 11 |
|
| 12 |
+
# Copy requirements.txt first
|
| 13 |
+
COPY requirements.txt ./
|
| 14 |
+
# Note: No --chown here yet, let root handle this initial copy for pip cache reasons if any
|
| 15 |
|
| 16 |
+
# Pip install as root (or a user with system-wide install permissions)
|
| 17 |
+
# This avoids issues if some packages need to write to system locations during install
|
| 18 |
+
# and also helps if the user's .local/bin isn't perfectly on PATH immediately
|
| 19 |
RUN python -m pip install --no-cache-dir --upgrade pip
|
| 20 |
RUN python -m pip install --no-cache-dir -r requirements.txt
|
| 21 |
|
| 22 |
+
# Now copy the rest of the application code
|
| 23 |
+
COPY . .
|
| 24 |
|
| 25 |
+
# CRITICAL PERMISSION FIX:
|
| 26 |
+
# After all files are copied, ensure the entire app directory
|
| 27 |
+
# and its contents are owned by appuser and appuser has write permissions.
|
| 28 |
+
# Also, explicitly create the output directory as root and then chown it.
|
| 29 |
+
RUN mkdir -p /home/appuser/app/temp_cinegen_media && \
|
| 30 |
+
chown -R appuser:appgroup /home/appuser/app
|
| 31 |
+
# The chown -R above should cover temp_cinegen_media as well if it's inside /app
|
| 32 |
+
|
| 33 |
+
# Switch to the non-root user
|
| 34 |
+
USER appuser
|
| 35 |
+
ENV PATH="/home/appuser/.local/bin:${PATH}" # Ensure this is set for appuser
|
| 36 |
+
|
| 37 |
+
# Expose Streamlit's default port
|
| 38 |
EXPOSE 8501
|
| 39 |
+
|
| 40 |
+
# Command to run Streamlit
|
| 41 |
CMD ["streamlit", "run", "app.py", "--server.headless=true", "--server.port=8501", "--server.fileWatcherType=none"]
|