Spaces:
Sleeping
Sleeping
| FROM python:3.13.5-slim AS builder | |
| ENV DEBIAN_FRONTEND=noninteractive \ | |
| PYTHONUNBUFFERED=1 | |
| # Install build dependencies in one RUN to keep image layers small | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| build-essential \ | |
| python3-dev \ | |
| gcc \ | |
| curl \ | |
| git \ | |
| ca-certificates \ | |
| && rm -rf /var/lib/apt/lists/* | |
| WORKDIR /wheels | |
| # Copy requirements and build wheels to /wheels | |
| COPY requirements.txt . | |
| RUN pip3 wheel --no-cache-dir -r requirements.txt -w /wheels | |
| # ---------------- final image ---------------- | |
| FROM python:3.13.5-slim | |
| ENV DEBIAN_FRONTEND=noninteractive \ | |
| PYTHONUNBUFFERED=1 \ | |
| APP_USER=appuser \ | |
| APP_HOME=/home/appuser \ | |
| APP_DIR=/app \ | |
| # Hugging Face cache dirs inside container (avoid /root/.cache permissions issues) | |
| HF_HOME=/app/.cache/huggingface \ | |
| HUGGINGFACE_HUB_CACHE=/app/.cache/huggingface/hub \ | |
| TRANSFORMERS_CACHE=/app/.cache/huggingface/transformers \ | |
| XDG_CACHE_HOME=/app/.cache | |
| # Install minimal runtime deps and cleanup in one RUN | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| curl \ | |
| ca-certificates \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # Create non-root user and app dirs | |
| RUN useradd --create-home --home-dir ${APP_HOME} --shell /usr/sbin/nologin ${APP_USER} \ | |
| && mkdir -p ${APP_DIR} ${APP_HOME} /app/.cache/huggingface/transformers /app/.cache/huggingface/hub /app/src/logs \ | |
| && chown -R ${APP_USER}:${APP_USER} ${APP_DIR} ${APP_HOME} /app/.cache /app/src/logs | |
| WORKDIR ${APP_DIR} | |
| # Copy project source and wheels from builder | |
| COPY --chown=${APP_USER}:${APP_USER} src/ ./src/ | |
| COPY requirements.txt ./ | |
| COPY --from=builder /wheels /wheels | |
| # Install Python dependencies from built wheels (faster, reproducible) | |
| RUN pip3 install --no-cache-dir --no-index --find-links=/wheels -r requirements.txt \ | |
| && rm -rf /wheels | |
| EXPOSE 8501 | |
| HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \ | |
| CMD curl --fail http://localhost:8501/_stcore/health || exit 1 | |
| # Run as non-root user | |
| USER ${APP_USER} | |
| # NOTE: | |
| # - The entrypoint expects your Streamlit app at src/streamlit_app.py. | |
| # - If your file is named src/streamlitapp.py (no underscore), update the ENTRYPOINT accordingly. | |
| ENTRYPOINT ["streamlit", "run", "src/streamlit_app.py", "--server.port=8501", "--server.address=0.0.0.0"] |