Adapted Dockerfile for systems with read only file system. Minor package updates.

.dockerignore

@@ -4,10 +4,9 @@
 *.jpg
 *.png
 *.ipynb
+*.pyc
 examples/*
 processing/*
-input/*
-output/*
 tools/__pycache__/*
 old_code/*
 tesseract/*
@@ -15,9 +14,18 @@ poppler/*
 build/*
 dist/*
 build_deps/*
-logs/*
-config/*
 user_guide/*
-cdk/*
 cdk/config/*
-web/*
+tld/*
+cdk/config/*
+cdk/cdk.out/*
+cdk/archive/*
+cdk.json
+cdk.context.json
+.quarto/*
+logs/
+output/
+input/
+feedback/
+config/
+usage/

.gitignore

@@ -4,6 +4,7 @@
 *.jpg
 *.png
 *.ipynb
+*.pyc
 examples/*
 processing/*
 input/*
@@ -19,6 +20,14 @@ logs/*
 config/*
 doc_redaction_amplify_app/*
 user_guide/*
-cdk/*
 cdk/config/*
-web/*
+cdk/cdk.out/*
+cdk/archive/*
+tld/*
+tmp/*
+cdk.out/*
+cdk.json
+cdk.context.json
+.quarto/*
+/.quarto/
+/_site/

Dockerfile

@@ -1,14 +1,14 @@
 # Stage 1: Build dependencies and download models
 FROM public.ecr.aws/docker/library/python:3.11.11-slim-bookworm AS builder
 
-# Install system dependencies. Need to specify -y for poppler to get it to install
+# Install system dependencies
 RUN apt-get update \
     && apt-get install -y \
         g++ \
         make \
         cmake \
         unzip \
-        libcurl4-openssl-dev \        
+        libcurl4-openssl-dev \
         git \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
@@ -17,28 +17,20 @@ WORKDIR /src
 
 COPY requirements.txt .
 
-RUN pip install --no-cache-dir --target=/install -r requirements.txt
-
-RUN rm requirements.txt
+RUN pip install --no-cache-dir --target=/install -r requirements.txt && rm requirements.txt
 
-# Add lambda_entrypoint.py to the container
+# Add lambda entrypoint and script
 COPY lambda_entrypoint.py .
-
 COPY entrypoint.sh .
 
 # Stage 2: Final runtime image
 FROM public.ecr.aws/docker/library/python:3.11.11-slim-bookworm
 
-# Define a build argument with a default value
+# Set build-time and runtime environment variable
 ARG APP_MODE=gradio
-
-# Echo the APP_MODE during the build to confirm its value
-RUN echo "APP_MODE is set to: ${APP_MODE}"
-
-# Set APP_MODE as an environment variable for runtime
 ENV APP_MODE=${APP_MODE}
 
-# Install system dependencies
+# Install runtime dependencies
 RUN apt-get update \
     && apt-get install -y \
         tesseract-ocr \
@@ -48,30 +40,85 @@ RUN apt-get update \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
-# Set up a new user named "user" with user ID 1000
+# Create non-root user
 RUN useradd -m -u 1000 user
+ENV APP_HOME=/home/user
 
-# Create required directories
-RUN mkdir -p /home/user/app/{output,input,tld,logs,usage,feedback,config} \
-    && chown -R user:user /home/user/app
+# Set env variables for Gradio & other apps
+ENV GRADIO_TEMP_DIR=/tmp/gradio_tmp/ \
+    TLDEXTRACT_CACHE=/tmp/tld/ \
+    MPLCONFIGDIR=/tmp/matplotlib_cache/ \
+    GRADIO_OUTPUT_FOLDER=$APP_HOME/app/output/ \
+    GRADIO_INPUT_FOLDER=$APP_HOME/app/input/ \
+    FEEDBACK_LOGS_FOLDER=$APP_HOME/app/feedback/ \
+    ACCESS_LOGS_FOLDER=$APP_HOME/app/logs/ \
+    USAGE_LOGS_FOLDER=$APP_HOME/app/usage/ \
+    CONFIG_FOLDER=$APP_HOME/app/config/ \
+    XDG_CACHE_HOME=/tmp/xdg_cache/user_1000
+
+# Create the base application directory and set its ownership
+RUN mkdir -p ${APP_HOME}/app && chown user:user ${APP_HOME}/app
+
+# Create required sub-folders within the app directory and set their permissions
+# This ensures these specific directories are owned by 'user'
+RUN mkdir -p \
+    ${APP_HOME}/app/output \
+    ${APP_HOME}/app/input \
+    ${APP_HOME}/app/logs \
+    ${APP_HOME}/app/usage \
+    ${APP_HOME}/app/feedback \
+    ${APP_HOME}/app/config \
+    && chown user:user \
+    ${APP_HOME}/app/output \
+    ${APP_HOME}/app/input \
+    ${APP_HOME}/app/logs \
+    ${APP_HOME}/app/usage \
+    ${APP_HOME}/app/feedback \
+    ${APP_HOME}/app/config \
+    && chmod 755 \
+    ${APP_HOME}/app/output \
+    ${APP_HOME}/app/input \
+    ${APP_HOME}/app/logs \
+    ${APP_HOME}/app/usage \
+    ${APP_HOME}/app/feedback \
+    ${APP_HOME}/app/config
+
+# Now handle the /tmp and /var/tmp directories and their subdirectories
+RUN mkdir -p /tmp/gradio_tmp /tmp/tld /tmp/matplotlib_cache /tmp /var/tmp ${XDG_CACHE_HOME} \
+    && chown user:user /tmp /var/tmp /tmp/gradio_tmp /tmp/tld /tmp/matplotlib_cache ${XDG_CACHE_HOME} \
+    && chmod 1777 /tmp /var/tmp /tmp/gradio_tmp /tmp/tld /tmp/matplotlib_cache \
+    && chmod 700 ${XDG_CACHE_HOME}
 
 # Copy installed packages from builder stage
 COPY --from=builder /install /usr/local/lib/python3.11/site-packages/
 
-# Download NLTK data packages - now no longer necessary
-# RUN python -m nltk.downloader --quiet punkt stopwords punkt_tab
+# Copy app code and entrypoint with correct ownership
+COPY --chown=user . $APP_HOME/app
 
-# Entrypoint helps to switch between Gradio and Lambda mode
+# Copy and chmod entrypoint
 COPY entrypoint.sh /entrypoint.sh
-
 RUN chmod +x /entrypoint.sh
 
-# Switch to the "user" user
+# Switch to user
 USER user
 
-ENV APP_HOME=/home/user
+# Declare working directory
+WORKDIR $APP_HOME/app
 
-# Set environmental variables
+# Declare volumes (NOTE: runtime mounts will override permissions — handle with care)
+VOLUME ["/tmp/matplotlib_cache"]
+VOLUME ["/tmp/gradio_tmp"]
+VOLUME ["/tmp/tld"]
+VOLUME ["/home/user/app/output"]
+VOLUME ["/home/user/app/input"]
+VOLUME ["/home/user/app/logs"]
+VOLUME ["/home/user/app/usage"]
+VOLUME ["/home/user/app/feedback"]
+VOLUME ["/home/user/app/config"]
+VOLUME ["/tmp"]
+VOLUME ["/var/tmp"]
+
+# Set runtime environment
 ENV PATH=$APP_HOME/.local/bin:$PATH \
     PYTHONPATH=$APP_HOME/app \
     PYTHONUNBUFFERED=1 \
@@ -80,20 +127,8 @@ ENV PATH=$APP_HOME/.local/bin:$PATH \
     GRADIO_NUM_PORTS=1 \
     GRADIO_SERVER_NAME=0.0.0.0 \
     GRADIO_SERVER_PORT=7860 \
-    GRADIO_ANALYTICS_ENABLED=False \
-    TLDEXTRACT_CACHE=$APP_HOME/app/tld/.tld_set_snapshot \
-    SYSTEM=spaces
-
-# Set the working directory to the user's home directory
-WORKDIR $APP_HOME/app
-
-# Copy the app code to the container
-COPY --chown=user . $APP_HOME/app
-
-# Ensure permissions are really user:user again after copying
-RUN chown -R user:user $APP_HOME/app && chmod -R u+rwX $APP_HOME/app
+    GRADIO_ANALYTICS_ENABLED=False
 
-ENTRYPOINT [ "/entrypoint.sh" ]
+ENTRYPOINT ["/entrypoint.sh"]
 
-# Default command for Lambda mode
-CMD [ "lambda_entrypoint.lambda_handler" ]
+CMD ["lambda_entrypoint.lambda_handler"]

README.md

@@ -5,12 +5,12 @@ colorFrom: blue
 colorTo: yellow
 sdk: docker
 app_file: app.py
-pinned: false
+pinned: true
 license: agpl-3.0
 ---
 # Document redaction
 
-version: 0.6.8
+version: 0.7.0
 
 Redact personally identifiable information (PII) from documents (pdf, images), open text, or tabular data (xlsx/csv/parquet). Please see the [User Guide](#user-guide) for a walkthrough on how to use the app. Below is a very brief overview.
     

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "doc_redaction"
-version = "0.6.8"
+version = "0.7.0"
 description = "Redact PDF/image-based documents, or CSV/XLSX files using a Gradio-based GUI interface"
 readme = "README.md"
 requires-python = ">=3.10"
@@ -23,8 +23,8 @@ dependencies = [
     "spacy==3.8.4",
     # Direct URL dependency for spacy model
     "en_core_web_lg @ https://github.com/explosion/spacy-models/releases/download/en_core_web_lg-3.8.0/en_core_web_lg-3.8.0.tar.gz",
-    "gradio==5.29.1",
-    "boto3==1.38.4",
+    "gradio==5.33.2",
+    "boto3==1.38.35",
     "pyarrow==19.0.1",
     "openpyxl==3.1.5",
     "Faker==36.1.1",
@@ -39,7 +39,7 @@ dependencies = [
 ]
 
 [project.urls]
-Homepage = "https://seanpedrick-case.github.io/doc_redaction/README.html"
+Homepage = "https://seanpedrick-case.github.io/doc_redaction/"
 repository = "https://github.com/seanpedrick-case/doc_redaction"
 
 [project.optional-dependencies]

requirements.txt

@@ -10,8 +10,8 @@ pandas==2.2.3
 scikit-learn==1.6.1
 spacy==3.8.4
 en_core_web_lg @ https://github.com/explosion/spacy-models/releases/download/en_core_web_lg-3.8.0/en_core_web_lg-3.8.0.tar.gz
-gradio==5.29.1
-boto3==1.38.4
+gradio==5.33.2
+boto3==1.38.35
 pyarrow==19.0.1
 openpyxl==3.1.5
 Faker==36.1.1