Commit
·
680dd7d
1
Parent(s):
8fa7f23
fix(runtime): chown /data to uid 1000 and write firebase creds safely; ensure /data dirs
- Dockerfile +7 -3
Dockerfile
CHANGED
|
@@ -25,13 +25,17 @@ COPY . .
|
|
| 25 |
|
| 26 |
# Create directories for uploads and results
|
| 27 |
# Ensure writable data directory exists for Spaces
|
| 28 |
-
RUN mkdir -p /data/uploads /data/results
|
| 29 |
|
| 30 |
# Handle Firebase credentials from environment variable (for Hugging Face Spaces secrets)
|
| 31 |
# This allows the credentials to be passed as a secret and written to file at runtime
|
| 32 |
-
RUN echo '#!/bin/
|
|
|
|
| 33 |
echo 'if [ -n "$FIREBASE_CREDENTIALS" ]; then' >> /entrypoint.sh && \
|
| 34 |
-
echo '
|
|
|
|
|
|
|
|
|
|
| 35 |
echo 'fi' >> /entrypoint.sh && \
|
| 36 |
echo 'exec "$@"' >> /entrypoint.sh && \
|
| 37 |
chmod +x /entrypoint.sh
|
|
|
|
| 25 |
|
| 26 |
# Create directories for uploads and results
|
| 27 |
# Ensure writable data directory exists for Spaces
|
| 28 |
+
RUN mkdir -p /data/uploads /data/results && chown -R 1000:1000 /data
|
| 29 |
|
| 30 |
# Handle Firebase credentials from environment variable (for Hugging Face Spaces secrets)
|
| 31 |
# This allows the credentials to be passed as a secret and written to file at runtime
|
| 32 |
+
RUN echo '#!/bin/sh' > /entrypoint.sh && \
|
| 33 |
+
echo 'set -e' >> /entrypoint.sh && \
|
| 34 |
echo 'if [ -n "$FIREBASE_CREDENTIALS" ]; then' >> /entrypoint.sh && \
|
| 35 |
+
echo ' mkdir -p /data' >> /entrypoint.sh && \
|
| 36 |
+
echo ' touch /data/firebase-adminsdk.json' >> /entrypoint.sh && \
|
| 37 |
+
echo ' chmod 600 /data/firebase-adminsdk.json' >> /entrypoint.sh && \
|
| 38 |
+
echo ' printf "%s" "$FIREBASE_CREDENTIALS" > /data/firebase-adminsdk.json' >> /entrypoint.sh && \
|
| 39 |
echo 'fi' >> /entrypoint.sh && \
|
| 40 |
echo 'exec "$@"' >> /entrypoint.sh && \
|
| 41 |
chmod +x /entrypoint.sh
|
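Review bot: The service-account key is written to `/data/firebase-adminsdk.json`, inside the same tree that the first `RUN` creates for `/data/uploads` and `/data/results`, so any code that lists, serves or resolves paths under `/data` sits next to the credential. A dedicated directory outside the upload root would keep them apart, for example `echo '  mkdir -p -m 700 /data/secrets' >> /entrypoint.sh && \` with the `touch`/`chmod`/`printf` lines pointed at `/data/secrets/firebase-adminsdk.json`, assuming the application's credential path can be changed to match. `FIREBASE_CREDENTIALS` is also still exported to whatever `exec "$@"` starts, so if the app reads only the file, adding `echo '  unset FIREBASE_CREDENTIALS' >> /entrypoint.sh && \` after the `printf` line limits where the secret lives. The build-time `chown -R 1000:1000 /data` presumably does not survive if the platform mounts a volume over `/data` at runtime, and with `set -e` an unwritable `/data` now stops the container before `exec`. A short comment stating that this fail-closed behaviour is intended would help.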