| # Use an official lightweight Python image. | |
| # https://hub.docker.com/_/python | |
| FROM python:3.10-slim | |
| # Set environment variables to prevent Python from writing pyc files to disc | |
| # and buffering stdout and stderr. | |
| ENV PYTHONDONTWRITEBYTECODE=1 | |
| ENV PYTHONUNBUFFERED=1 | |
| # Install system dependencies required for some Python packages (like sentence-transformers/numpy). | |
| RUN apt-get update && apt-get install -y \ | |
| build-essential \ | |
| curl \ | |
| git \ | |
| git-lfs \ | |
| && git lfs install \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # Set the working directory in the container. | |
| WORKDIR /app | |
| # Ensure src module is discoverable | |
| ENV PYTHONPATH="${PYTHONPATH}:/app" | |
| # Copy the requirements file first to leverage Docker cache. | |
| COPY requirements.txt . | |
| # Install Python dependencies. | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| # Pre-download the embedding model to build it into the image. | |
| # This prevents runtime timeouts and "black screens" on Hugging Face. | |
| RUN python3 -c "from langchain_huggingface import HuggingFaceEmbeddings; HuggingFaceEmbeddings(model_name='BAAI/bge-small-en-v1.5')" | |
| # Copy the rest of the application code. | |
| COPY . . | |
| RUN git lfs pull | |
| RUN chmod +x start.sh | |
| # Expose the port Streamlit runs on. | |
| EXPOSE 8501 | |
| # Create a non-root user and switch to it (Security Best Practice). | |
| RUN useradd -m -u 1000 appuser && chown -R appuser:appuser /app | |
| USER appuser | |
| # Healthcheck to ensure container is running. | |
| HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health || exit 1 | |
| # Command to run the application. | |
| # Command to run the application. | |
| CMD ["./start.sh"] | |