# Use a lightweight official Python runtime FROM python:3.10-slim # Set environment variables ENV PYTHONUNBUFFERED=1 \ PYTHONDONTWRITEBYTECODE=1 \ PORT=7860 \ HOME=/home/user \ PATH=/home/user/.local/bin:$PATH # Create a non-root user (Hugging Face best practice) RUN useradd -m -u 1000 user # Install system dependencies required by OpenCV / YOLOv8 RUN apt-get update && apt-get install -y --no-install-recommends \ libgl1 \ libglib2.0-0 \ && rm -rf /var/lib/apt/lists/* # Set working directory WORKDIR /code # Copy requirements file first to leverage Docker cache # Change ownership to the new user COPY --chown=user:user requirements.txt /code/requirements.txt # Switch from root to the new user before installing python packages USER user # Install CPU-specific PyTorch to keep image size small and speed up builds RUN pip install --no-cache-dir --upgrade pip && \ pip install --no-cache-dir torch torchvision --index-url https://download.pytorch.org/whl/cpu && \ pip install --no-cache-dir -r requirements.txt # Copy the rest of the application files with correct ownership COPY --chown=user:user . /code # Expose the default port for Hugging Face Spaces EXPOSE 7860 # Run the application CMD ["python", "app.py"]