Update Dockerfile

Dockerfile

@@ -24,7 +24,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     libglib2.0-0 \
     && rm -rf /var/lib/apt/lists/*
 
-# Modify ImageMagick policy.xml to allow operations needed by MoviePy
+# Modify ImageMagick policy.xml
 RUN if [ -f /etc/ImageMagick-6/policy.xml ]; then \
         XML_FILE="/etc/ImageMagick-6/policy.xml"; \
         echo "INFO: Modifying ImageMagick policy at $XML_FILE (v6) for MoviePy compatibility." ; \
@@ -48,13 +48,18 @@ RUN if [ -f /etc/ImageMagick-6/policy.xml ]; then \
 
 # Create a non-root user and group
 RUN groupadd -r appgroup && useradd --no-log-init -r -g appgroup -u 1000 appuser
-RUN mkdir -p /home/appuser/.cache && chown -R appuser:appgroup /home/appuser
+# Create home directory structure for appuser, including .cache for pip
+RUN mkdir -p /home/appuser/.cache/pip && chown -R appuser:appgroup /home/appuser
 
 # Set Streamlit home directory to be writable by appuser
-ENV STREAMLIT_HOME=/home/appuser/.streamlit
+# This directory will be created within /home/appuser, so appuser will own it.
+ENV STREAMLIT_HOME=/home/appuser/.streamlit 
+# No need to mkdir/chown STREAMLIT_HOME here if appuser creates it at runtime,
+# or if we ensure /home/appuser is writable by appuser.
+# However, to be safe, especially if Streamlit tries to create it very early:
 RUN mkdir -p $STREAMLIT_HOME && chown -R appuser:appgroup $STREAMLIT_HOME
 
-# Copy the requirements file first to leverage Docker cache
+# Copy the requirements file first
 COPY --chown=appuser:appgroup requirements.txt .
 
 # Install Python dependencies as the non-root user
@@ -62,15 +67,29 @@ USER appuser
 RUN pip install --no-cache-dir --upgrade pip && \
     pip install --no-cache-dir -r requirements.txt
 
-# Copy the rest of the application code into the container
-USER root # Switch back to root to copy to /app, then chown
-COPY --chown=appuser:appgroup . .
-USER appuser # Switch back to appuser
+# Switch back to root temporarily for copying application files and setting permissions
+USER root
+COPY . .
+RUN chown -R appuser:appgroup /app
 
-# Create the output directory for media and ensure it's writable by appuser
-RUN mkdir -p /app/temp_cinegen_media
-# The assets directory also needs to be accessible
-RUN mkdir -p /app/assets/fonts
+# Create runtime directories as root, then chown to appuser
+RUN mkdir -p /app/temp_cinegen_media && chown -R appuser:appgroup /app/temp_cinegen_media
+RUN mkdir -p /app/assets/fonts && chown -R appuser:appgroup /app/assets/fonts
+# Ensure custom fonts copied in assets/fonts are usable system-wide if needed by MoviePy's TextClip
+# This assumes your 'arial.ttf' (or other custom fonts) are in 'assets/fonts/' in your project.
+# If they are, copy them to a system font directory and update the font cache.
+# The VisualEngine also tries to load from 'assets/fonts/' directly via Pillow.
+RUN if [ -d "/app/assets/fonts" ] && [ "$(ls -A /app/assets/fonts)" ]; then \
+        mkdir -p /usr/local/share/fonts/truetype/cinegen_custom && \
+        cp /app/assets/fonts/*.*tf /usr/local/share/fonts/truetype/cinegen_custom/ 2>/dev/null || true && \
+        fc-cache -fv && \
+        echo "INFO: Copied custom fonts and refreshed font cache."; \
+    else \
+        echo "INFO: No custom fonts found in /app/assets/fonts to copy system-wide." ; \
+    fi
+
+# Switch to the non-root user for running the application
+USER appuser
 
 # Expose the port Streamlit runs on
 EXPOSE 8501