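# Base image: official slim Python runtime on Debian bullseye.
# NOTE(review): the tag is mutable. Pinning it to a digest
# (python:3.10-slim-bullseye@sha256:<digest>) makes rebuilds reproducible and
# guards against an unexpected upstream re-tag.
FROM python:3.10-slim-bullseye

# Python, pip and locale settings, in key=value form (the space-separated
# `ENV key value` form is legacy syntax).
# PIP_NO_CACHE_DIR=1 disables pip's cache; the previous value "off" had the
# same effect in current pip but read as the opposite.
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PIP_NO_CACHE_DIR=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1 \
    DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    LC_ALL=C.UTF-8

# All following relative paths resolve against /app.
WORKDIR /app

# System dependencies. --no-install-recommends keeps the image (and its attack
# surface) small; the apt lists are removed in the same layer so they never
# end up in the image.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ffmpeg \
        imagemagick \
        git \
        fonts-dejavu-core \
        fonts-liberation \
        libgl1-mesa-glx \
        libglib2.0-0 \
    && rm -rf /var/lib/apt/lists/*

# Relax ImageMagick's policy.xml so MoviePy's TextClip can call ImageMagick.
# NOTE(review): policy.xml is ImageMagick's hardening control for untrusted
# input (coder/path restrictions and resource limits). Keep each rule below to
# the narrowest relaxation MoviePy needs, and treat any user-supplied media or
# text that reaches ImageMagick as untrusted once the policy is loosened.
# NOTE(review): the seven sed expressions are empty (`s///`) as shown here,
# probably because their XML patterns were stripped when this page was
# rendered. sed rejects an empty pattern when there is no previous regex, so
# the build stops at the first one; restore the original expressions before
# building.
RUN if [ -f /etc/ImageMagick-6/policy.xml ]; then \
        XML_FILE="/etc/ImageMagick-6/policy.xml"; \
        echo "INFO: Modifying ImageMagick policy at $XML_FILE (v6) for MoviePy compatibility." ; \
    elif [ -f /etc/ImageMagick-7/policy.xml ]; then \
        XML_FILE="/etc/ImageMagick-7/policy.xml"; \
        echo "INFO: Modifying ImageMagick policy at $XML_FILE (v7) for MoviePy compatibility." ; \
    else \
        XML_FILE=""; \
        echo "WARNING: ImageMagick policy.xml not found in /etc/ImageMagick-[67]/. MoviePy TextClip might fail." ; \
    fi && \
    if [ -n "$XML_FILE" ] && [ -f "$XML_FILE" ]; then \
        sed -i 's///' "$XML_FILE" && \
        sed -i 's///' "$XML_FILE" && \
        sed -i 's///' "$XML_FILE" && \
        sed -i 's///' "$XML_FILE" && \
        sed -i 's///' "$XML_FILE" && \
        sed -i 's///' "$XML_FILE" && \
        sed -i 's///' "$XML_FILE" && \
        echo "INFO: ImageMagick policy modifications applied to $XML_FILE." ; \
    fi

# Unprivileged account (uid 1000) that will run the application. `useradd -r`
# does not create a home directory, so it is created and handed over here.
RUN groupadd -r appgroup \
    && useradd --no-log-init -r -g appgroup -u 1000 appuser \
    && mkdir -p /home/appuser/.cache/pip \
    && chown -R appuser:appgroup /home/appuser

# Streamlit home directory, writable by appuser.
ENV STREAMLIT_HOME=/home/appuser/.streamlit
RUN mkdir -p "$STREAMLIT_HOME" && chown -R appuser:appgroup "$STREAMLIT_HOME"

# Copy only the requirements file first so the dependency layer stays cached
# until requirements.txt itself changes.
COPY --chown=appuser:appgroup requirements.txt .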
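# Install Python dependencies as the unprivileged user, into ~/.local.
# `python -m pip` ties the install to the image's interpreter, and --user is
# explicit on both commands instead of relying on pip's fallback when
# site-packages is not writable.
# NOTE(review): requirements.txt is not visible here. If it pins versions with
# hashes, adding --require-hashes makes pip reject anything that was tampered
# with upstream.
USER appuser
RUN python -m pip install --user --no-cache-dir --upgrade pip \
    && python -m pip install --user --no-cache-dir -r requirements.txt

# Console scripts installed with --user (including `streamlit`) live here.
ENV PATH="/home/appuser/.local/bin:${PATH}"

# Back to root for copying the application and preparing directories.
USER root

# Copy the build context into /app with the final ownership set in the same
# layer; a separate recursive chown would store every file a second time.
# Dockerfile comments must be on their own line: text after `COPY . .` on the
# same line is parsed as extra arguments.
# NOTE(review): this copies the whole build context. Use a .dockerignore to
# keep .git, local env files and other secrets out of the image.
# NOTE(review): the runtime user owns /app and can therefore rewrite the
# application code. If the app only writes to /app/temp_cinegen_media, leaving
# the code root-owned would limit what a compromised process can change.
COPY --chown=appuser:appgroup . .

# /app itself was created by WORKDIR as root; hand it over, then create the
# runtime directories and give them to appuser as well.
RUN chown appuser:appgroup /app \
    && mkdir -p /app/temp_cinegen_media /app/assets/fonts \
    && chown -R appuser:appgroup /app/temp_cinegen_media /app/assets/fonts

# Install any bundled .ttf/.otf fonts system-wide and refresh the font cache.
# The copy is best-effort: a directory without matching font files is not an
# error, so cp's failure is deliberately ignored.
RUN if [ -d "/app/assets/fonts" ] && [ -n "$(ls -A /app/assets/fonts)" ]; then \
        mkdir -p /usr/local/share/fonts/truetype/cinegen_custom && \
        { cp /app/assets/fonts/*.*tf /usr/local/share/fonts/truetype/cinegen_custom/ 2>/dev/null || true; } && \
        fc-cache -fv && \
        echo "INFO: Copied custom fonts and refreshed font cache."; \
    else \
        echo "INFO: No custom fonts found in /app/assets/fonts to copy system-wide." ; \
    fi

# Drop privileges for runtime.
USER appuser

# Port Streamlit listens on.
EXPOSE 8501

# Start the app. It binds to all interfaces so the published port is reachable
# from outside the container.
# NOTE(review): nothing in this file puts authentication or TLS in front of
# the app. Publish the port only on a trusted network or behind an
# authenticating reverse proxy.
CMD ["streamlit", "run", "app.py", "--server.port=8501", "--server.address=0.0.0.0", "--global.sharingMode=off", "--client.gatherUsageStats=false"]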