Update Dockerfile

Dockerfile

@@ -1,21 +1,85 @@
-FROM python:3.9-slim
+FROM python:3.13.4-slim
 
+# Set environment variables for Hugging Face and app
+ENV HF_HOME=/app/.cache/huggingface \
+    TRANSFORMERS_CACHE=/app/.cache/transformers \
+    HF_DATASETS_CACHE=/app/.cache/datasets \
+    HUGGINGFACE_HUB_CACHE=/app/.cache/huggingface \
+    PYTHONUNBUFFERED=1 \
+    HOME=/app \
+    TMPDIR=/tmp \
+    USER=appuser \
+    UID=1000 \
+    GID=1000
+
+# Set working directory
 WORKDIR /app
 
+# Install basic OS packages
 RUN apt-get update && apt-get install -y \
     build-essential \
     curl \
-    software-properties-common \
     git \
     && rm -rf /var/lib/apt/lists/*
 
-COPY requirements.txt ./
-COPY src/ ./src/
+# Create a non-root user with proper permissions
+RUN groupadd -g $GID $USER && \
+    useradd -u $UID -g $GID -d /app -s /bin/bash $USER
+
+# Create all necessary directories with proper permissions
+RUN mkdir -p /app/.cache/huggingface/hub \
+    && mkdir -p /app/.cache/huggingface/transformers \
+    && mkdir -p /app/.cache/transformers \
+    && mkdir -p /app/.cache/datasets \
+    && mkdir -p /app/.streamlit \
+    && mkdir -p /tmp/huggingface \
+    && mkdir -p /tmp/transformers \
+    && mkdir -p /tmp/datasets \
+    && mkdir -p /app/models
+
+# Set comprehensive permissions
+RUN chmod -R 777 /app/.cache \
+    && chmod -R 777 /tmp \
+    && chmod -R 755 /app \
+    && chown -R $USER:$USER /app \
+    && chown -R $USER:$USER /tmp/huggingface \
+    && chown -R $USER:$USER /tmp/transformers \
+    && chown -R $USER:$USER /tmp/datasets
+
+# Copy files and set ownership
+COPY --chown=$USER:$USER requirements.txt ./
+COPY --chown=$USER:$USER src/ ./src/
+
+
+
+# Switch to non-root user for package installation
+USER $USER
+
+# Install Python dependencies
+RUN pip install --no-cache-dir --user -r requirements.txt
+
+# Ensure pip user installation directory is in PATH
+ENV PATH="/app/.local/bin:$PATH"
 
-RUN pip3 install -r requirements.txt
+# Create a script to handle model downloads with proper error handling
+RUN echo '#!/bin/bash\n\
+# Clean up any existing lock files\n\
+find /app/.cache/huggingface -name "*.lock" -type f -delete 2>/dev/null || true\n\
+find /tmp/huggingface -name "*.lock" -type f -delete 2>/dev/null || true\n\
+\n\
+# Set additional permissions at runtime\n\
+chmod -R 777 /app/.cache 2>/dev/null || true\n\
+chmod -R 777 /tmp 2>/dev/null || true\n\
+\n\
+# Start the application\n\
+exec streamlit run src/streamlit_app.py --server.enableXsrfProtection=false --server.port=8501 --server.address=0.0.0.0\n\
+' > /app/start.sh && chmod +x /app/start.sh
 
+# Expose Streamlit's default port
 EXPOSE 8501
 
-HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health
+# Healthcheck for container status
+HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health || exit 1
 
-ENTRYPOINT ["streamlit", "run", "src/streamlit_app.py", "--server.port=8501", "--server.address=0.0.0.0"]
+# Use the startup script instead of direct entrypoint
+ENTRYPOINT ["/app/start.sh"]