FROM python:3.10-slim ENV PYTHONDONTWRITEBYTECODE=1 \ PYTHONUNBUFFERED=1 \ PIP_NO_CACHE_DIR=1 \ HF_HOME=/home/user/.cache/huggingface \ SENTENCE_TRANSFORMERS_HOME=/home/user/.cache/huggingface \ STREAMLIT_SERVER_HEADLESS=true \ STREAMLIT_BROWSER_GATHERUSAGESTATS=false RUN apt-get update && apt-get install -y --no-install-recommends \ build-essential \ git \ && rm -rf /var/lib/apt/lists/* # HF Spaces convention: run as non-root user 1000 RUN useradd -m -u 1000 user USER user ENV PATH="/home/user/.local/bin:${PATH}" WORKDIR /home/user/app COPY --chown=user requirements.txt ./ RUN pip install --user --upgrade pip && \ pip install --user --no-cache-dir -r requirements.txt COPY --chown=user . ./ # Pre-warm the embedding model at build time so first request is fast and # doesn't hit a cold HF download from inside the running container. RUN python -c "from sentence_transformers import SentenceTransformer; SentenceTransformer('BAAI/bge-small-en-v1.5')" EXPOSE 7860 CMD ["streamlit", "run", "app.py", \ "--server.port=7860", \ "--server.address=0.0.0.0", \ "--server.enableCORS=false", \ "--server.enableXsrfProtection=false"]