| # --------------------------------------------------------------------- | |
| # Base image – use the full tag so `wget` is available for the steps | |
| FROM python:3.9 | |
| # --------------------------------------------------------------------- | |
| # 1. Create UID-1000 account *and its home directory*. | |
| RUN useradd -m -u 1000 user | |
| # Environment: declare the home dir now (some HF-injected commands | |
| # look at $HOME) but stay root for the next layers. | |
| ENV HOME=/home/user \ | |
| PYTHONUNBUFFERED=1 \ | |
| PIP_NO_CACHE_DIR=1 \ | |
| PATH="$HOME/.local/bin:$PATH" | |
| # --------------------------------------------------------------------- | |
| # 2. Install Python dependencies **as root** so the console scripts | |
| # land in /usr/local/bin (already on PATH at runtime). | |
| WORKDIR /app | |
| COPY requirements.txt /tmp/reqs.txt | |
| RUN pip install --no-cache-dir -r /tmp/reqs.txt \ | |
| && rm /tmp/reqs.txt | |
| # --------------------------------------------------------------------- | |
| # 3. Switch to the non-root user for the final image, | |
| # then copy the source tree. | |
| USER user | |
| WORKDIR $HOME/app | |
| COPY --chown=user . . | |
| # --------------------------------------------------------------------- | |
| # 4. Launch: $PORT is set by the platform at runtime; fall back to 8501 | |
| # for local docker runs. | |
| CMD streamlit run app.py \ | |
| --server.port=${PORT:-8501} \ | |
| --server.headless true \ | |
| --server.address 0.0.0.0 | |