| FROM python:3.10-slim | |
| # Set environment variables to make Python and Pip output unbuffered (good for logs) | |
| ENV PYTHONUNBUFFERED=1 | |
| # Install system dependencies including ffmpeg | |
| RUN apt-get update && \ | |
| apt-get install -y --no-install-recommends ffmpeg libsm6 libxext6 && \ | |
| apt-get clean && \ | |
| rm -rf /var/lib/apt/lists/* | |
| # Create a non-root user and group | |
| ARG APP_USER_UID=1000 | |
| ARG APP_USER_GID=1000 | |
| RUN groupadd --gid $APP_USER_GID appgroup && \ | |
| useradd --uid $APP_USER_UID --gid appgroup --shell /bin/bash --create-home appuser | |
| # Set the working directory (this will also be appuser's home directory due to --create-home) | |
| WORKDIR /home/appuser/app | |
| # Copy requirements first to leverage Docker cache | |
| COPY requirements.txt ./ | |
| # Install Python dependencies | |
| # Ensure pip is up to date, then install requirements | |
| RUN pip install --no-cache-dir --upgrade pip | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| # Copy the rest of the application code | |
| COPY . . | |
| # Change ownership of the app directory to the appuser | |
| # (WORKDIR is /home/appuser/app, so chown this path) | |
| RUN chown -R appuser:appgroup /home/appuser/app | |
| # Switch to the non-root user | |
| USER appuser | |
| # Expose Streamlit's default port | |
| EXPOSE 8501 | |
| # Command to run Streamlit | |
| # Using server.headless=true is good practice for containers. | |
| # Streamlit will try to create .streamlit in the user's home dir (/home/appuser) | |
| CMD ["streamlit", "run", "app.py", "--server.headless=true"] |