Update Dockerfile

Dockerfile

@@ -11,55 +11,53 @@ RUN apt-get update && \
         fontconfig \
         imagemagick \
         ghostscript && \
-    # Modify ImageMagick policy to be less restrictive for TextClip
-    # This entire block is a single shell command executed by RUN
-    # The semicolon after the fi is important for shell syntax if followed by &&
-    # We ensure the subshell commands are properly chained with && inside the subshell
-    # and the whole subshell is one command in the RUN sequence.
     ( \
         POLICY_FILE=$(find /etc/ImageMagick* -name policy.xml -print -quit 2>/dev/null) && \
         if [ -n "$POLICY_FILE" ] && [ -f "$POLICY_FILE" ]; then \
             echo "INFO: Modifying ImageMagick policy file: $POLICY_FILE"; \
             sed -i 's/<policy domain="coder" rights="none" pattern="PS" \/>/<!-- & -->/' "$POLICY_FILE" && \
-            sed -i 's/<policy domain="coder" rights="none" pattern="PS2" \/>/<!-- & -->/' "$POLICY_FILE" && \
-            sed -i 's/<policy domain="coder" rights="none" pattern="PS3" \/>/<!-- & -->/' "$POLICY_FILE" && \
             sed -i 's/<policy domain="coder" rights="none" pattern="EPS" \/>/<!-- & -->/' "$POLICY_FILE" && \
             sed -i 's/<policy domain="coder" rights="none" pattern="PDF" \/>/<!-- & -->/' "$POLICY_FILE" && \
-            sed -i 's/<policy domain="coder" rights="none" pattern="XPS" \/>/<!-- & -->/' "$POLICY_FILE" && \
-            sed -i 's/<policy domain="coder" rights="none" pattern="LABEL" \/>/<!-- & -->/' "$POLICY_FILE" && \
             sed -i 's/<policy domain="coder" rights="none" pattern="TEXT" \/>/<!-- & -->/' "$POLICY_FILE" && \
+            sed -i 's/<policy domain="coder" rights="none" pattern="LABEL" \/>/<!-- & -->/' "$POLICY_FILE" && \
             sed -i 's/<policy domain="path" rights="none" pattern="@*" \/>/<!-- & -->/' "$POLICY_FILE" && \
             echo "INFO: ImageMagick policy potentially updated."; \
         else \
-            echo "WARNING: ImageMagick policy.xml not found or find command failed. TextClip might fail."; \
+            echo "WARNING: ImageMagick policy.xml not found. TextClip might fail."; \
         fi \
     ) && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
-# Create directory for custom fonts and copy your font file(s)
 RUN mkdir -p /usr/local/share/fonts/truetype/mycustomfonts
 COPY assets/fonts/arial.ttf /usr/local/share/fonts/truetype/mycustomfonts/arial.ttf 
-
-# Rebuild font cache AFTER copying fonts
 RUN fc-cache -f -s -v
 
-# Create a non-root user and group
 ARG APP_USER_UID=1000
 ARG APP_USER_GID=1000
 RUN groupadd --gid $APP_USER_GID appgroup && \
     useradd --uid $APP_USER_UID --gid appgroup --shell /bin/bash --create-home appuser
 
-WORKDIR /home/appuser/app
-COPY --chown=appuser:appgroup requirements.txt ./
+WORKDIR /home/appuser/app # Set WORKDIR for appuser's home/app space
 
-USER appuser
-ENV PATH="/home/appuser/.local/bin:${PATH}" 
+# Copy requirements first (as root or default builder user)
+COPY requirements.txt ./
+RUN python -m pip install --no-cache-dir --upgrade pip && \
+    python -m pip install --no-cache-dir -r requirements.txt
+
+# Copy all application code
+COPY . .
 
-RUN python -m pip install --no-cache-dir --upgrade pip
-RUN python -m pip install --no-cache-dir -r requirements.txt
+# Ensure the output directory exists and is writable by appuser BEFORE switching user
+# Create it as root, then chown specifically, then chown the whole app dir.
+RUN mkdir -p /home/appuser/app/temp_cinegen_media && \
+    chown -R appuser:appgroup /home/appuser/app/temp_cinegen_media && \
+    chown -R appuser:appgroup /home/appuser/app 
+    # chmod -R 775 /home/appuser/app/temp_cinegen_media # Optionally, more explicit permissions
 
-COPY --chown=appuser:appgroup . .
+# Switch to the non-root user
+USER appuser
+ENV PATH="/home/appuser/.local/bin:${PATH}" 
 
 EXPOSE 8501
 CMD ["streamlit", "run", "app.py", "--server.headless=true", "--server.port=8501", "--server.fileWatcherType=none"]