Dockerfile

FROM python:3.10-slim

# Set environment variables
ENV PYTHONUNBUFFERED=1
# Prevents interactive prompts during apt-get install
ENV DEBIAN_FRONTEND=noninteractive

# Install base system dependencies including debconf-utils
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ffmpeg \
        libsm6 \
        libxext6 \
        fontconfig \
        debconf-utils

# Pre-accept EULA and install Microsoft Core Fonts
# Using full path for debconf-set-sections for robustness
RUN echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" | /usr/bin/debconf-set-sections && \
    apt-get install -y --no-install-recommends ttf-mscorefonts-installer

# Update font cache and clean up
RUN fc-cache -f -v && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Create a non-root user and group for security and permission handling
ARG APP_USER_UID=1000
ARG APP_USER_GID=1000
RUN groupadd --gid $APP_USER_GID appgroup && \
    useradd --uid $APP_USER_UID --gid appgroup --shell /bin/bash --create-home appuser

# Set the working directory (this will also be appuser's home directory)
WORKDIR /home/appuser/app

# Copy requirements.txt first to leverage Docker build cache
COPY --chown=appuser:appgroup requirements.txt ./

# Upgrade pip and install Python dependencies as the appuser
USER appuser
RUN python -m pip install --no-cache-dir --upgrade pip
RUN python -m pip install --no-cache-dir -r requirements.txt

# Copy the rest of the application code as the appuser
# This ensures correct ownership from the start
COPY --chown=appuser:appgroup . .

# Expose Streamlit's default port
EXPOSE 8501

# Command to run Streamlit
# Using server.headless=true is good practice for containers.
# Streamlit will try to create .streamlit in the user's home dir (/home/appuser)
CMD ["streamlit", "run", "app.py", "--server.headless=true", "--server.port=8501", "--server.fileWatcherType=none"]