| FROM python:3.9-slim | |
| WORKDIR /app | |
| # Install system dependencies | |
| RUN apt-get update && apt-get install -y \ | |
| build-essential \ | |
| curl \ | |
| software-properties-common \ | |
| git \ | |
| libgl1 \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # Copy requirements and source code BEFORE creating the non-root user | |
| # to take advantage of Docker layer caching. | |
| COPY requirements.txt ./ | |
| COPY src/ ./src/ | |
| # Install Python dependencies as root | |
| RUN pip3 install --no-cache-dir -r requirements.txt | |
| # --- Create a non-root user and grant permissions --- | |
| # Create a group and user | |
| RUN groupadd --system appuser && useradd --system --gid appuser appuser | |
| # Change ownership of the app directory to the new user | |
| # This allows the app to write config/cache files | |
| RUN chown -R appuser:appuser /app | |
| # Switch to the non-root user | |
| USER appuser | |
| # --- End of user creation section --- | |
| # You no longer need these lines as chown handles permissions for the entire /app directory | |
| # RUN mkdir -p /app/.streamlit /app/.config | |
| # ENV HOME=/app | |
| # ENV XDG_CONFIG_HOME=/app/.config | |
| EXPOSE 8501 | |
| HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health || exit 1 | |
| ENTRYPOINT ["streamlit", "run", "src/streamlit_app.py", "--server.port=8501", "--server.address=0.0.0.0"] |