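# Base image: Debian-based slim Python 3.10. The tag floats (patch releases and
# the underlying OS packages can change between builds); pin it by digest
# (python:3.10-slim@sha256:<digest>) when builds must be reproducible and
# auditable.
FROM python:3.10-slim

# Flush Python stdout/stderr immediately so container logs are not delayed.
ENV PYTHONUNBUFFERED=1

# Build-time only: stops apt/debconf from prompting during package installs in
# this stage. Declared as ARG rather than ENV so it is not baked into the
# runtime environment of the final container.
ARG DEBIAN_FRONTEND=noninteractive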
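# System packages: ffmpeg plus X11/font libraries for media handling, and
# ImageMagick with Ghostscript. --no-install-recommends keeps the package set
# (and the attack surface) small. Versions are not pinned, so they follow
# whatever the base image's repositories serve at build time.
#
# SECURITY NOTE(review): the sed step deletes hardening rules from
# ImageMagick's policy.xml:
#   - coder PS / EPS / PDF: re-enables formats that ImageMagick hands to
#     Ghostscript (installed here). Distributions ship them disabled because
#     parsing untrusted PostScript/PDF has a long history of serious bugs.
#   - coder TEXT / LABEL and path "@*": re-enables text rendering and the
#     "@file" indirection that reads an argument's value from a file.
# The warning text suggests this exists for TextClip; confirm which rules it
# actually needs and keep the rest in place. With these rules removed,
# user-supplied files or strings should not reach ImageMagick unvalidated.
#
# The sed patterns are exact literal matches: if policy.xml formats a rule
# differently, the substitution is a silent no-op (hence "potentially updated").
#
# `|| true` on the find: without it, a missing /etc/ImageMagick* directory makes
# the assignment fail and aborts the build with no message, so the WARNING
# branch below is never reached for that case.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ffmpeg \
        fontconfig \
        ghostscript \
        imagemagick \
        libsm6 \
        libxext6 && \
    ( \
        POLICY_FILE=$(find /etc/ImageMagick* -name policy.xml -print -quit 2>/dev/null || true); \
        if [ -n "$POLICY_FILE" ] && [ -f "$POLICY_FILE" ]; then \
            echo "INFO: Modifying ImageMagick policy file: $POLICY_FILE"; \
            sed -i \
                -e 's/<policy domain="coder" rights="none" pattern="PS" \/>//' \
                -e 's/<policy domain="coder" rights="none" pattern="EPS" \/>//' \
                -e 's/<policy domain="coder" rights="none" pattern="PDF" \/>//' \
                -e 's/<policy domain="coder" rights="none" pattern="TEXT" \/>//' \
                -e 's/<policy domain="coder" rights="none" pattern="LABEL" \/>//' \
                -e 's/<policy domain="path" rights="none" pattern="@*" \/>//' \
                "$POLICY_FILE" && \
            echo "INFO: ImageMagick policy potentially updated."; \
        else \
            echo "WARNING: ImageMagick policy.xml not found. TextClip might fail."; \
        fi \
    ) && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*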
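# Install the bundled Arial font system-wide. COPY creates the destination
# directory tree itself, so no separate `RUN mkdir -p` layer is needed.
COPY assets/fonts/arial.ttf /usr/local/share/fonts/truetype/mycustomfonts/arial.ttf

# Rebuild the system font cache so fontconfig picks up the new font
# (-f force rescan, -s system directories only, -v verbose build log).
RUN fc-cache -f -s -v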
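# Dedicated unprivileged account for running the app. UID/GID default to 1000
# and can be overridden at build time (--build-arg APP_USER_UID=... /
# APP_USER_GID=...), e.g. to match the owner of a bind-mounted directory.
ARG APP_USER_UID=1000
ARG APP_USER_GID=1000

# The build args are quoted so an empty or malformed value fails inside
# groupadd/useradd instead of being word-split by the shell.
# NOTE(review): the account gets an interactive shell (/bin/bash); nothing in
# this file appears to need one, so confirm before keeping it.
RUN groupadd --gid "$APP_USER_GID" appgroup && \
    useradd --uid "$APP_USER_UID" --gid appgroup --shell /bin/bash --create-home appuser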
# Application directory inside appuser's home; WORKDIR creates it if missing.
WORKDIR /home/appuser/app

# Install Python dependencies before the source is copied, so this layer stays
# cached until requirements.txt changes. No USER has been set yet, so this
# runs as the image's default build user.
# NOTE(review): pip is upgraded to whatever is newest at build time, and the
# install is only as reproducible as requirements.txt. Pinning exact versions
# (ideally with hashes, enforced by pip's --require-hashes) guards against
# pulling an unexpected or tampered release.
COPY requirements.txt ./
RUN python -m pip install --no-cache-dir --upgrade pip && \
    python -m pip install --no-cache-dir -r requirements.txt
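# Copy the application source, owned by appuser from the start. A recursive
# chown in a later RUN would rewrite every file into a second layer and
# roughly double the space the source takes in the image.
# NOTE(review): `COPY . .` ships the entire build context. Make sure a
# .dockerignore excludes .git, .env files, local credentials and build output
# so none of them end up in an image layer.
COPY --chown=appuser:appgroup . .

# Create the output directory and hand it, together with the app directory
# itself (created root-owned by WORKDIR), to appuser before switching user.
# Non-recursive on purpose: the files underneath were already chowned by COPY.
# NOTE(review): this keeps the application code writable by the runtime user.
# If the app only needs to write to temp_cinegen_media, leaving the code
# root-owned would limit what a compromised process can modify.
RUN mkdir -p /home/appuser/app/temp_cinegen_media && \
    chown appuser:appgroup /home/appuser/app /home/appuser/app/temp_cinegen_media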
# Drop privileges: everything from here on, including the running container,
# executes as the unprivileged appuser account.
USER appuser

# Put the user's local bin first in PATH so executables from per-user pip
# installs are found.
# NOTE(review): this directory is writable by appuser and precedes the system
# directories, so anything placed there shadows the system binary of the same
# name for this user. Confirm the entry is needed at all.
ENV PATH="/home/appuser/.local/bin:${PATH}"

# Documents the port the Streamlit server listens on; publishing it is still
# up to `docker run -p` or the orchestrator.
EXPOSE 8501

# Exec form, so streamlit runs as PID 1 and receives stop signals directly.
# Headless mode, with the source file watcher disabled.
CMD ["streamlit", "run", "app.py", "--server.headless=true", "--server.port=8501", "--server.fileWatcherType=none"]