Spaces:
Running
Running
| # Stage 1: Build the dependencies | |
| FROM python:3.12-bullseye AS builder | |
| # Install required system packages | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| git \ | |
| build-essential \ | |
| cmake \ | |
| libopenblas-dev \ | |
| libomp-dev \ | |
| && apt-get clean \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # Set the working directory to /app | |
| WORKDIR /app | |
| # Copy requirements and install dependencies | |
| COPY requirements.txt /app/ | |
| # Install Python dependencies and torchmcubes | |
| RUN pip install --upgrade pip setuptools wheel \ | |
| && pip install -r requirements.txt \ | |
| && pip install git+https://github.com/tatsy/torchmcubes.git@3aef8afa5f21b113afc4f4ea148baee850cbd472 \ | |
| && rm -rf ~/.cache/pip | |
| # Copy the application files | |
| COPY . /app | |
| # Configure Git to treat the directory as safe before switching to the final stage | |
| RUN git config --global --add safe.directory /app | |
| # Stage 2: Final image | |
| FROM python:3.12-slim-bullseye | |
| # Set up a new user named "user" | |
| RUN useradd user | |
| # Set the home environment variable and PATH | |
| ENV HOME=/home/user \ | |
| PATH=/home/user/.local/bin:$PATH | |
| # Set the working directory to the user's home directory | |
| WORKDIR $HOME/app | |
| # Copy the application files and installed packages from the builder stage | |
| COPY --from=builder /app $HOME/app | |
| COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages | |
| COPY --from=builder /usr/local/bin /usr/local/bin | |
| # Change ownership of the app directory to the user | |
| RUN chown -R user:user $HOME/app | |
| # Install git in the final stage | |
| RUN apt-get update && apt-get install -y --no-install-recommends git \ | |
| && apt-get clean \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # Expose secrets at build time and store them in a file | |
| RUN --mount=type=secret,id=AWS_ACCESS_KEY_ID,mode=0444,required=true \ | |
| git config --global --add safe.directory $HOME/app && \ | |
| git init && \ | |
| git remote add secret1 $(cat /run/secrets/AWS_ACCESS_KEY_ID) | |
| RUN --mount=type=secret,id=AWS_SECRET_ACCESS_KEY,mode=0444,required=true \ | |
| git config --global --add safe.directory $HOME/app && \ | |
| git init && \ | |
| git remote add secret2 $(cat /run/secrets/AWS_SECRET_ACCESS_KEY) | |
| RUN --mount=type=secret,id=AWS_DEFAULT_REGION,mode=0444,required=true \ | |
| git config --global --add safe.directory $HOME/app && \ | |
| git init && \ | |
| git remote add secret3 $(cat /run/secrets/AWS_DEFAULT_REGION) | |
| # Switch to the "user" user | |
| USER user | |
| EXPOSE 7860 | |
| # Set the entry point to run the FastAPI application | |
| CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"] | |