Scratch_Vision_Game_test_dup

Sleeping

App Files Files Community

prthm11 commited on 26 days ago

Commit

d458acb

verified ·

1 Parent(s): 52c4ffb

Update Dockerfile

Browse files

Files changed (1) hide show

Dockerfile +33 -23

Dockerfile CHANGED Viewed

@@ -61,8 +61,11 @@
 # CMD ["gunicorn", "--bind", "0.0.0.0:7860", "--workers", "2", "app:app"]
 # #CMD ["gunicorn", "--bind", "0.0.0.0:7860", "--workers", "", "--timeout", "360", "app:app"]
 FROM python:3.11-slim
 WORKDIR /app
 # Environment: Hugging Face cache + force CPU behavior
@@ -73,14 +76,13 @@ ENV DEBIAN_FRONTEND=noninteractive \
     HF_HOME=/app/cache \
     NLTK_DATA=/app/nltk_data \
     MPLCONFIGDIR=/app/.config/matplotlib \
-    # Force CPU-only for PyTorch/transformers
     CUDA_VISIBLE_DEVICES= \
     PYTORCH_ENABLE_MPS=0 \
-    XDG_CACHE_HOME=/app/.cache \
     PYTORCH_NO_CUDA=1
-# Copy only what's needed (avoid duplicate COPY . /app)
 COPY requirements.txt ./requirements.txt
 COPY app.py ./app.py
 COPY templates/ ./templates/
@@ -88,7 +90,7 @@ COPY utils/ ./utils/
 COPY blocks/ ./blocks/
 COPY generated_projects/ ./generated_projects/
-# Install system dependencies (minimal for CPU inference + common tools)
 RUN apt-get update && apt-get install -y --no-install-recommends \
     fontconfig \
     fonts-dejavu-core \
@@ -104,25 +106,33 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     poppler-utils \
     && apt-get clean && rm -rf /var/lib/apt/lists/*
-# Python deps
-RUN pip install --upgrade pip && pip install --no-cache-dir -r requirements.txt
 RUN python -m nltk.downloader -d /app/nltk_data punkt averaged_perceptron_tagger wordnet || true
-# Create necessary directories with correct permissions
-RUN mkdir -p /app/nltk_data /app/.config/matplotlib \
- && mkdir -p /app/cache /app/data /app/logs /app/outputs /app/blocks \
- && mkdir -p /app/outputs/DETECTED_IMAGE /app/outputs/SCANNED_IMAGE /app/outputs/EXTRACTED_JSON \
- && chown -R root:root /app \
- && chmod -R 755 /app/cache /app/data /app/logs /app/outputs
- RUN mkdir -p /app/.config/matplotlib \
-    /app/cache /app/nltk_data /nltk_data \
-    /app/.cache/fontconfig /root/.cache/fontconfig \
-    && chmod -R 777 /app/.config/matplotlib /app/.cache /app/cache /app/nltk_data /nltk_data /root/.cache/fontconfig
 RUN fc-cache -f -v || true
 # Set Flask env
 ENV FLASK_APP=app.py \
     FLASK_ENV=production
@@ -130,9 +140,9 @@ ENV FLASK_APP=app.py \
 # Expose port
 EXPOSE 7860
-# # Healthcheck (lightweight endpoint; change if your app uses a different path)
-# HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
-#   CMD curl -f http://localhost:7860/healthz || exit 1
-# Single worker avoids multiple processes duplicating model memory on CPU-heavy workloads.
 CMD ["gunicorn", "app:app", "-b", "0.0.0.0:7860", "-w", "1", "--threads", "4", "-k", "gthread", "--timeout", "0", "--graceful-timeout", "0"]

 # CMD ["gunicorn", "--bind", "0.0.0.0:7860", "--workers", "2", "app:app"]
 # #CMD ["gunicorn", "--bind", "0.0.0.0:7860", "--workers", "", "--timeout", "360", "app:app"]
+# Dockerfile — CPU-optimized, permissions-fixed, non-root runtime
 FROM python:3.11-slim
+# Set working dir
 WORKDIR /app
 # Environment: Hugging Face cache + force CPU behavior
     HF_HOME=/app/cache \
     NLTK_DATA=/app/nltk_data \
     MPLCONFIGDIR=/app/.config/matplotlib \
+    XDG_CACHE_HOME=/app/.cache \
+    # Force CPU-only (ensure no CUDA attempts)
     CUDA_VISIBLE_DEVICES= \
     PYTORCH_ENABLE_MPS=0 \
     PYTORCH_NO_CUDA=1
+# Copy minimal files first (leverage layer caching)
 COPY requirements.txt ./requirements.txt
 COPY app.py ./app.py
 COPY templates/ ./templates/
 COPY blocks/ ./blocks/
 COPY generated_projects/ ./generated_projects/
+# Install system dependencies (including fontconfig/fonts)
 RUN apt-get update && apt-get install -y --no-install-recommends \
     fontconfig \
     fonts-dejavu-core \
     poppler-utils \
     && apt-get clean && rm -rf /var/lib/apt/lists/*
+# Create runtime directories, cache dirs, and static dir BEFORE pip install to ensure permissions
+# We will chown to non-root user later
+RUN mkdir -p /app/.config/matplotlib \
+    /app/cache /app/nltk_data /nltk_data \
+    /app/.cache /app/.cache/fontconfig /root/.cache/fontconfig \
+    /app/logs /app/outputs /app/outputs/DETECTED_IMAGE /app/outputs/SCANNED_IMAGE /app/outputs/EXTRACTED_JSON \
+    /app/data /app/blocks /app/static \
+    && chmod -R 755 /app
+# Install Python dependencies
+RUN pip install --upgrade pip \
+ && pip install --no-cache-dir -r requirements.txt
+# Pre-download NLTK packages into the chosen directory so runtime import doesn't try to write
+ENV NLTK_DATA=/app/nltk_data
 RUN python -m nltk.downloader -d /app/nltk_data punkt averaged_perceptron_tagger wordnet || true
+# Populate font cache (will quiet fontconfig warnings)
 RUN fc-cache -f -v || true
+# Create a less-privileged user and give ownership of /app to that user
+RUN useradd -m -u 1000 appuser \
+    && chown -R appuser:appuser /app
+# Switch to non-root user (IMPORTANT: do this AFTER chown)
+USER appuser
 # Set Flask env
 ENV FLASK_APP=app.py \
     FLASK_ENV=production
 # Expose port
 EXPOSE 7860
+# HEALTHCHECK (optional) — uses lightweight endpoint; if you don't have /healthz, change it or remove.
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+  CMD curl -f http://127.0.0.1:7860/healthz || exit 1
+# Run Gunicorn as non-root appuser: single worker + threads, no timeout
 CMD ["gunicorn", "app:app", "-b", "0.0.0.0:7860", "-w", "1", "--threads", "4", "-k", "gthread", "--timeout", "0", "--graceful-timeout", "0"]