Hugging Face's logo

Spaces:
mgbam
/
CingenAI
Running

App Files Community
CingenAI / Dockerfile
mgbam's picture
mgbam
Update Dockerfile
5711951 verified
raw
history blame contribute delete
6.19 kB
 # Use an official Python runtime as a parent image
# Using python:3.10-slim-bullseye for a Debian Bullseye based slim Python 3.10 environment
FROM python:3.10-slim-bullseye
# Set environment variables for Python, pip, and locale
ENV PYTHONUNBUFFERED 1
ENV PYTHONDONTWRITEBYTECODE 1
ENV PIP_NO_CACHE_DIR off
ENV PIP_DISABLE_PIP_VERSION_CHECK 1
ENV DEBIAN_FRONTEND=noninteractive
ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8
# Install system dependencies (as root)
# build-essential for packages that might need to compile C code
# libffi-dev often needed by cryptography (common sub-dependency)
# curl is a generally useful utility
RUN apt-get update && apt-get install -y --no-install-recommends \
ffmpeg \
imagemagick \
git \
build-essential \
libffi-dev \
fonts-dejavu-core \
fonts-liberation \
libgl1-mesa-glx \
libglib2.0-0 \
curl \
&& rm -rf /var/lib/apt/lists/*
# Modify ImageMagick policy.xml (as root)
# This is critical for TextClip and other ImageMagick-dependent features in MoviePy
RUN if [ -f /etc/ImageMagick-6/policy.xml ]; then \
XML_FILE="/etc/ImageMagick-6/policy.xml"; \
echo "INFO: Attempting to modify ImageMagick policy at $XML_FILE (v6)." ; \
elif [ -f /etc/ImageMagick-7/policy.xml ]; then \
XML_FILE="/etc/ImageMagick-7/policy.xml"; \
echo "INFO: Attempting to modify ImageMagick policy at $XML_FILE (v7)." ; \
else \
XML_FILE=""; \
echo "WARNING: ImageMagick policy.xml not found in /etc/ImageMagick-[67]/. MoviePy TextClip might fail." ; \
fi && \
if [ -n "$XML_FILE" ] && [ -f "$XML_FILE" ]; then \
sed -i 's/<policy domain="path" rights="none" pattern="@\*"\/>/<!-- <policy domain="path" rights="none" pattern="@\*" \/> -->/' "$XML_FILE" && \
sed -i 's/<policy domain="coder" rights="none" pattern="TEXT"\/>/<!-- <policy domain="coder" rights="none" pattern="TEXT" \/> -->/' "$XML_FILE" && \
sed -i 's/<policy domain="coder" rights="none" pattern="LABEL"\/>/<!-- <policy domain="coder" rights="none" pattern="LABEL" \/> -->/' "$XML_FILE" && \
sed -i 's/<policy domain="coder" rights="none" pattern="MVG"\/>/<!-- <policy domain="coder" rights="none" pattern="MVG" \/> -->/' "$XML_FILE" && \
sed -i 's/<policy domain="coder" rights="none" pattern="MSL"\/>/<!-- <policy domain="coder" rights="none" pattern="MSL" \/> -->/' "$XML_FILE" && \
sed -i 's/<policy domain="coder" rights="none" pattern="HTTPS"\/>/<!-- <policy domain="coder" rights="none" pattern="HTTPS" \/> -->/' "$XML_FILE" && \
sed -i 's/<policy domain="coder" rights="none" pattern="HTTP"\/>/<!-- <policy domain="coder" rights="none" pattern="HTTP" \/> -->/' "$XML_FILE" && \
echo "INFO: ImageMagick policy modifications applied to $XML_FILE." ; \
else \
echo "INFO: No ImageMagick policy file found to modify, or XML_FILE variable was empty." ; \
fi
# Create a non-root user and group.
# Create home directory, .cache for pip, and .streamlit for Streamlit config.
RUN groupadd -r appgroup --gid 1000 && \
useradd --no-log-init -r -g appgroup -u 1000 --create-home --shell /bin/bash appuser && \
mkdir -p /home/appuser/.cache/pip && \
mkdir -p /home/appuser/.streamlit && \
chown -R appuser:appgroup /home/appuser
# Set Streamlit home directory to the one created for appuser
ENV STREAMLIT_HOME=/home/appuser/.streamlit
# Disable Streamlit telemetry using environment variable (alternative to CLI flag)
ENV BROWSER_GATHERUSAGEDATA=false
# Set the working directory for the application
WORKDIR /app
# Copy requirements.txt first to leverage Docker layer caching.
# Ensure appuser owns this file in its destination.
COPY --chown=appuser:appgroup requirements.txt .
# Switch to the non-root user to install Python packages
USER appuser
RUN pip install --no-cache-dir --upgrade pip && \
echo "Attempting to install packages from requirements.txt as appuser..." && \
pip install --user --no-cache-dir -r requirements.txt
# If you still need streamlit-sortable from GitHub and it's NOT in requirements.txt:
# echo "Attempting to install streamlit-sortable from GitHub as appuser..." && \
# pip install --user --no-cache-dir git+https://github.com/okld/streamlit-sortable.git
# Add the user's local bin directory (where pip --user installs scripts) to PATH
# This ensures executables like 'streamlit' are found.
ENV PATH="/home/appuser/.local/bin:${PATH}"
# Switch back to root only for operations that require root privileges, like copying to system dirs
# For copying application code to /app, appuser should have write permission if WORKDIR is /app and /app is owned by appuser.
# However, using root for COPY and then chown is a common robust pattern.
USER root
COPY . .
# Ensure the entire /app directory and its contents are owned by appuser
RUN chown -R appuser:appgroup /app
# Create runtime directories as appuser (now that /app is owned by appuser)
USER appuser
RUN mkdir -p /app/temp_cinegen_media
RUN mkdir -p /app/assets/fonts # Ensure this exists, even if copied
# Optional: Copy custom fonts to a system-wide location if MoviePy/ImageMagick needs them there.
# This might require switching back to USER root temporarily for the cp and fc-cache.
# For now, relying on Pillow finding fonts in assets/ or system paths.
# USER root
# RUN if [ -d "/app/assets/fonts" ] && [ "$(ls -A /app/assets/fonts)" ]; then \
# mkdir -p /usr/local/share/fonts/truetype/cinegen_custom && \
# cp /app/assets/fonts/*.*tf /usr/local/share/fonts/truetype/cinegen_custom/ 2>/dev/null || true && \
# fc-cache -fv && \
# echo "INFO: Copied custom fonts to system and refreshed font cache."; \
# else \
# echo "INFO: No custom fonts found in /app/assets/fonts to copy system-wide." ; \
# fi
# USER appuser # Switch back to appuser for runtime
# Expose the port Streamlit runs on
EXPOSE 8501
# Define the command to run the application as appuser
# The --browser.gatherUsageStats=false flag should work for Streamlit 1.13+
CMD ["streamlit", "run", "app.py", "--server.port=8501", "--server.address=0.0.0.0", "--browser.gatherUsageStats=false"]