Refactor Dockerfile to improve dependency caching, set environment variables, and enhance directory permissions
Browse files- Dockerfile +8 -9
Dockerfile
CHANGED
@@ -2,37 +2,36 @@ FROM python:3.9-slim
|
|
2 |
|
3 |
WORKDIR /app
|
4 |
|
5 |
-
#
|
6 |
RUN apt-get update && apt-get install -y \
|
7 |
build-essential \
|
8 |
&& rm -rf /var/lib/apt/lists/*
|
9 |
|
10 |
-
#
|
11 |
RUN mkdir -p cache/huggingface vector_store chat_history \
|
12 |
&& chown -R 1000:1000 . \
|
13 |
&& chmod -R 755 .
|
14 |
|
15 |
-
#
|
16 |
COPY requirements.txt .
|
17 |
|
18 |
-
#
|
19 |
RUN pip install --no-cache-dir -r requirements.txt
|
20 |
|
21 |
-
#
|
22 |
COPY . .
|
23 |
|
24 |
-
#
|
25 |
-
ENV TRANSFORMERS_CACHE=/app/cache/huggingface
|
26 |
ENV HF_HOME=/app/cache/huggingface
|
27 |
ENV HUGGINGFACE_HUB_CACHE=/app/cache/huggingface
|
28 |
ENV XDG_CACHE_HOME=/app/cache
|
29 |
|
30 |
-
#
|
31 |
RUN chown -R 1000:1000 /app \
|
32 |
&& find /app -type d -exec chmod 755 {} \; \
|
33 |
&& find /app -type f -exec chmod 644 {} \;
|
34 |
|
35 |
-
#
|
36 |
USER 1000
|
37 |
|
38 |
EXPOSE 8000
|
|
|
2 |
|
3 |
WORKDIR /app
|
4 |
|
5 |
+
# Install system dependencies
|
6 |
RUN apt-get update && apt-get install -y \
|
7 |
build-essential \
|
8 |
&& rm -rf /var/lib/apt/lists/*
|
9 |
|
10 |
+
# Create directories with secure permissions
|
11 |
RUN mkdir -p cache/huggingface vector_store chat_history \
|
12 |
&& chown -R 1000:1000 . \
|
13 |
&& chmod -R 755 .
|
14 |
|
15 |
+
# Copy dependencies separately for caching
|
16 |
COPY requirements.txt .
|
17 |
|
18 |
+
# Install Python dependencies
|
19 |
RUN pip install --no-cache-dir -r requirements.txt
|
20 |
|
21 |
+
# Copy source code
|
22 |
COPY . .
|
23 |
|
24 |
+
# Set environment variables
|
|
|
25 |
ENV HF_HOME=/app/cache/huggingface
|
26 |
ENV HUGGINGFACE_HUB_CACHE=/app/cache/huggingface
|
27 |
ENV XDG_CACHE_HOME=/app/cache
|
28 |
|
29 |
+
# Set permissions (only for newly created files)
|
30 |
RUN chown -R 1000:1000 /app \
|
31 |
&& find /app -type d -exec chmod 755 {} \; \
|
32 |
&& find /app -type f -exec chmod 644 {} \;
|
33 |
|
34 |
+
# Run as non-privileged user
|
35 |
USER 1000
|
36 |
|
37 |
EXPOSE 8000
|