Refactor Dockerfile to improve dependency caching, set environment variables, and enhance directory permissions
Browse files- Dockerfile +8 -9
Dockerfile
CHANGED
|
@@ -2,37 +2,36 @@ FROM python:3.9-slim
|
|
| 2 |
|
| 3 |
WORKDIR /app
|
| 4 |
|
| 5 |
-
#
|
| 6 |
RUN apt-get update && apt-get install -y \
|
| 7 |
build-essential \
|
| 8 |
&& rm -rf /var/lib/apt/lists/*
|
| 9 |
|
| 10 |
-
#
|
| 11 |
RUN mkdir -p cache/huggingface vector_store chat_history \
|
| 12 |
&& chown -R 1000:1000 . \
|
| 13 |
&& chmod -R 755 .
|
| 14 |
|
| 15 |
-
#
|
| 16 |
COPY requirements.txt .
|
| 17 |
|
| 18 |
-
#
|
| 19 |
RUN pip install --no-cache-dir -r requirements.txt
|
| 20 |
|
| 21 |
-
#
|
| 22 |
COPY . .
|
| 23 |
|
| 24 |
-
#
|
| 25 |
-
ENV TRANSFORMERS_CACHE=/app/cache/huggingface
|
| 26 |
ENV HF_HOME=/app/cache/huggingface
|
| 27 |
ENV HUGGINGFACE_HUB_CACHE=/app/cache/huggingface
|
| 28 |
ENV XDG_CACHE_HOME=/app/cache
|
| 29 |
|
| 30 |
-
#
|
| 31 |
RUN chown -R 1000:1000 /app \
|
| 32 |
&& find /app -type d -exec chmod 755 {} \; \
|
| 33 |
&& find /app -type f -exec chmod 644 {} \;
|
| 34 |
|
| 35 |
-
#
|
| 36 |
USER 1000
|
| 37 |
|
| 38 |
EXPOSE 8000
|
|
|
|
| 2 |
|
| 3 |
WORKDIR /app
|
| 4 |
|
| 5 |
+
# Install system dependencies
|
| 6 |
RUN apt-get update && apt-get install -y \
|
| 7 |
build-essential \
|
| 8 |
&& rm -rf /var/lib/apt/lists/*
|
| 9 |
|
| 10 |
+
# Create directories with secure permissions
|
| 11 |
RUN mkdir -p cache/huggingface vector_store chat_history \
|
| 12 |
&& chown -R 1000:1000 . \
|
| 13 |
&& chmod -R 755 .
|
| 14 |
|
| 15 |
+
# Copy dependencies separately for caching
|
| 16 |
COPY requirements.txt .
|
| 17 |
|
| 18 |
+
# Install Python dependencies
|
| 19 |
RUN pip install --no-cache-dir -r requirements.txt
|
| 20 |
|
| 21 |
+
# Copy source code
|
| 22 |
COPY . .
|
| 23 |
|
| 24 |
+
# Set environment variables
|
|
|
|
| 25 |
ENV HF_HOME=/app/cache/huggingface
|
| 26 |
ENV HUGGINGFACE_HUB_CACHE=/app/cache/huggingface
|
| 27 |
ENV XDG_CACHE_HOME=/app/cache
|
| 28 |
|
| 29 |
+
# Set permissions (only for newly created files)
|
| 30 |
RUN chown -R 1000:1000 /app \
|
| 31 |
&& find /app -type d -exec chmod 755 {} \; \
|
| 32 |
&& find /app -type f -exec chmod 644 {} \;
|
| 33 |
|
| 34 |
+
# Run as non-privileged user
|
| 35 |
USER 1000
|
| 36 |
|
| 37 |
EXPOSE 8000
|