Dockerfile

FROM python:3.10-slim

# Set environment variables
ENV PYTHONUNBUFFERED=1
# Prevents interactive prompts during apt-get install
ENV DEBIAN_FRONTEND=noninteractive

# Install system dependencies including ffmpeg and fonts
# Using ttf-mscorefonts-installer for Arial and other common Microsoft fonts
# fontconfig is needed to make fonts available to applications
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ffmpeg \
        libsm6 \
        libxext6 \
        fontconfig \
    # For Microsoft Core Fonts EULA pre-acceptance
    && echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" | debconf-set-sections \
    && apt-get install -y --no-install-recommends ttf-mscorefonts-installer \
    && apt-get clean && \
    fc-cache -f -v && \ # Rebuild font cache to make newly installed fonts available
    rm -rf /var/lib/apt/lists/*

# Create a non-root user and group for security and permission handling
ARG APP_USER_UID=1000
ARG APP_USER_GID=1000
RUN groupadd --gid $APP_USER_GID appgroup && \
    useradd --uid $APP_USER_UID --gid appgroup --shell /bin/bash --create-home appuser

# Set the working directory (this will also be appuser's home directory)
WORKDIR /home/appuser/app

# Copy requirements.txt first to leverage Docker build cache
COPY --chown=appuser:appgroup requirements.txt ./

# Upgrade pip and install Python dependencies as the appuser
USER appuser
RUN python -m pip install --no-cache-dir --upgrade pip
RUN python -m pip install --no-cache-dir -r requirements.txt

# Copy the rest of the application code as the appuser
# This ensures correct ownership from the start
COPY --chown=appuser:appgroup . .

# Expose Streamlit's default port
EXPOSE 8501

# Command to run Streamlit
# Using server.headless=true is good practice for containers.
# Streamlit will try to create .streamlit in the user's home dir (/home/appuser)
CMD ["streamlit", "run", "app.py", "--server.headless=true", "--server.port=8501", "--server.fileWatcherType=none"]