Spaces:
Running
Running
James McCool
Refactor Dockerfile to expose MongoDB URI secret at build time and simplify the ENTRYPOINT command for the Streamlit app. This change enhances security by using secrets during the build process and improves clarity in the container startup configuration.
44d5cc1
| FROM python:3.9-slim | |
| WORKDIR /app | |
| RUN apt-get update && apt-get install -y \ | |
| build-essential \ | |
| curl \ | |
| software-properties-common \ | |
| git \ | |
| && rm -rf /var/lib/apt/lists/* | |
| COPY requirements.txt ./ | |
| COPY src/ ./src/ | |
| RUN pip3 install -r requirements.txt | |
| # Expose the secret SECRET_EXAMPLE at buildtime and use its value as git remote URL | |
| RUN --mount=type=secret,id=mongo_uri,mode=0444,required=true \ | |
| git init && \ | |
| git remote add origin $(cat /run/secrets/mongo_uri) | |
| EXPOSE 8501 | |
| HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health | |
| ENTRYPOINT ["streamlit", "run", "src/streamlit_app.py", "--server.port=8501", "--server.address=0.0.0.0"] |