|
|
FROM python:3.10-slim |
|
|
|
|
|
ENV PYTHONUNBUFFERED=1 |
|
|
ENV DEBIAN_FRONTEND=noninteractive |
|
|
|
|
|
RUN apt-get update && \ |
|
|
apt-get install -y --no-install-recommends \ |
|
|
ffmpeg \ |
|
|
libsm6 \ |
|
|
libxext6 \ |
|
|
fontconfig \ |
|
|
imagemagick \ |
|
|
ghostscript && \ |
|
|
# Modify ImageMagick policy to be less restrictive for TextClip |
|
|
# This entire block is a single shell command executed by RUN |
|
|
# The semicolon after the fi is important for shell syntax if followed by && |
|
|
# We ensure the subshell commands are properly chained with && inside the subshell |
|
|
# and the whole subshell is one command in the RUN sequence. |
|
|
( \ |
|
|
POLICY_FILE=$(find /etc/ImageMagick* -name policy.xml -print -quit 2>/dev/null) && \ |
|
|
if [ -n "$POLICY_FILE" ] && [ -f "$POLICY_FILE" ]; then \ |
|
|
echo "INFO: Modifying ImageMagick policy file: $POLICY_FILE"; \ |
|
|
sed -i 's/<policy domain="coder" rights="none" pattern="PS" \/>//' "$POLICY_FILE" && \ |
|
|
sed -i 's/<policy domain="coder" rights="none" pattern="PS2" \/>//' "$POLICY_FILE" && \ |
|
|
sed -i 's/<policy domain="coder" rights="none" pattern="PS3" \/>//' "$POLICY_FILE" && \ |
|
|
sed -i 's/<policy domain="coder" rights="none" pattern="EPS" \/>//' "$POLICY_FILE" && \ |
|
|
sed -i 's/<policy domain="coder" rights="none" pattern="PDF" \/>//' "$POLICY_FILE" && \ |
|
|
sed -i 's/<policy domain="coder" rights="none" pattern="XPS" \/>//' "$POLICY_FILE" && \ |
|
|
sed -i 's/<policy domain="coder" rights="none" pattern="LABEL" \/>//' "$POLICY_FILE" && \ |
|
|
sed -i 's/<policy domain="coder" rights="none" pattern="TEXT" \/>//' "$POLICY_FILE" && \ |
|
|
sed -i 's/<policy domain="path" rights="none" pattern="@*" \/>//' "$POLICY_FILE" && \ |
|
|
echo "INFO: ImageMagick policy potentially updated."; \ |
|
|
else \ |
|
|
echo "WARNING: ImageMagick policy.xml not found or find command failed. TextClip might fail."; \ |
|
|
fi \ |
|
|
) && \ |
|
|
apt-get clean && \ |
|
|
rm -rf /var/lib/apt/lists/* |
|
|
|
|
|
# Create directory for custom fonts and copy your font file(s) |
|
|
RUN mkdir -p /usr/local/share/fonts/truetype/mycustomfonts |
|
|
COPY assets/fonts/arial.ttf /usr/local/share/fonts/truetype/mycustomfonts/arial.ttf |
|
|
|
|
|
# Rebuild font cache AFTER copying fonts |
|
|
RUN fc-cache -f -s -v |
|
|
|
|
|
# Create a non-root user and group |
|
|
ARG APP_USER_UID=1000 |
|
|
ARG APP_USER_GID=1000 |
|
|
RUN groupadd --gid $APP_USER_GID appgroup && \ |
|
|
useradd --uid $APP_USER_UID --gid appgroup --shell /bin/bash --create-home appuser |
|
|
|
|
|
WORKDIR /home/appuser/app |
|
|
COPY --chown=appuser:appgroup requirements.txt ./ |
|
|
|
|
|
USER appuser |
|
|
ENV PATH="/home/appuser/.local/bin:${PATH}" |
|
|
|
|
|
RUN python -m pip install --no-cache-dir --upgrade pip |
|
|
RUN python -m pip install --no-cache-dir -r requirements.txt |
|
|
|
|
|
COPY --chown=appuser:appgroup . . |
|
|
|
|
|
EXPOSE 8501 |
|
|
CMD ["streamlit", "run", "app.py", "--server.headless=true", "--server.port=8501", "--server.fileWatcherType=none"] |
