Spaces:
Running
Running
add non root user to dockerfile
Browse files- Dockerfile +22 -3
Dockerfile
CHANGED
|
@@ -3,13 +3,32 @@
|
|
| 3 |
|
| 4 |
FROM python:3.9
|
| 5 |
|
|
|
|
| 6 |
RUN useradd -m -u 1000 user
|
| 7 |
-
USER user
|
| 8 |
ENV PATH="/home/user/.local/bin:$PATH"
|
| 9 |
|
| 10 |
WORKDIR /app
|
| 11 |
-
|
| 12 |
COPY . .
|
|
|
|
|
|
|
| 13 |
RUN pip install --no-cache-dir --upgrade -r requirements.txt
|
| 14 |
|
| 15 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3 |
|
| 4 |
FROM python:3.9
|
| 5 |
|
| 6 |
+
# Add non-root user and create working directories
|
| 7 |
RUN useradd -m -u 1000 user
|
|
|
|
| 8 |
ENV PATH="/home/user/.local/bin:$PATH"
|
| 9 |
|
| 10 |
WORKDIR /app
|
|
|
|
| 11 |
COPY . .
|
| 12 |
+
|
| 13 |
+
# Install dependencies as root
|
| 14 |
RUN pip install --no-cache-dir --upgrade -r requirements.txt
|
| 15 |
|
| 16 |
+
# Switch to user
|
| 17 |
+
USER user
|
| 18 |
+
|
| 19 |
+
# Pre-create .streamlit folder to avoid runtime errors
|
| 20 |
+
RUN mkdir -p /home/user/.streamlit
|
| 21 |
+
|
| 22 |
+
# Optional: add a default config to suppress Streamlit's warning
|
| 23 |
+
RUN echo "\
|
| 24 |
+
[server]\n\
|
| 25 |
+
headless = true\n\
|
| 26 |
+
enableCORS = false\n\
|
| 27 |
+
enableXsrfProtection = false\n\
|
| 28 |
+
port = 7860\n\
|
| 29 |
+
address = \"0.0.0.0\"\n\
|
| 30 |
+
" > /home/user/.streamlit/config.toml
|
| 31 |
+
|
| 32 |
+
# Streamlit app entrypoint
|
| 33 |
+
ENTRYPOINT ["streamlit", "run", "app.py"]
|
| 34 |
+
|