Spaces:
Sleeping
Sleeping
Update Dockerfile
Browse files- Dockerfile +12 -16
Dockerfile
CHANGED
|
@@ -4,8 +4,6 @@ FROM python:3.11.4-slim as builder
|
|
| 4 |
|
| 5 |
WORKDIR /usr/src/app
|
| 6 |
|
| 7 |
-
# We do NOT set PYTHONPYCACHEPREFIX. We will use a simpler method.
|
| 8 |
-
|
| 9 |
# Copy and install dependencies
|
| 10 |
COPY requirements.txt ./
|
| 11 |
RUN pip install --no-cache-dir -r requirements.txt
|
|
@@ -13,9 +11,7 @@ RUN pip install --no-cache-dir -r requirements.txt
|
|
| 13 |
# Copy the application source code
|
| 14 |
COPY . .
|
| 15 |
|
| 16 |
-
# Compile all .py files.
|
| 17 |
-
# The -b flag creates legacy .pyc files right next to the .py files (e.g., app.pyc)
|
| 18 |
-
# This is the simplest and most reliable method for our use case.
|
| 19 |
RUN python -m compileall -b -f .
|
| 20 |
|
| 21 |
|
|
@@ -27,23 +23,23 @@ WORKDIR /usr/src/app
|
|
| 27 |
|
| 28 |
# Create a non-root user for enhanced security
|
| 29 |
RUN useradd --create-home appuser
|
| 30 |
-
USER appuser
|
| 31 |
|
| 32 |
-
#
|
| 33 |
-
# Copy ONLY the compiled .pyc files from the builder stage.
|
| 34 |
-
# The glob pattern (*) ensures we get all of them.
|
| 35 |
COPY --from=builder /usr/src/app/*.pyc .
|
| 36 |
-
|
| 37 |
-
# Copy the templates and requirements file as before.
|
| 38 |
COPY --from=builder /usr/src/app/templates ./templates
|
| 39 |
COPY --from=builder /usr/src/app/requirements.txt .
|
| 40 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41 |
# Install the runtime dependencies into the final image
|
| 42 |
-
USER root
|
| 43 |
RUN pip install --no-cache-dir -r requirements.txt
|
| 44 |
-
USER appuser
|
| 45 |
|
| 46 |
-
#
|
| 47 |
-
#
|
| 48 |
-
# Hardcoding a port like 7860 will cause health check failures on Render.
|
| 49 |
CMD ["gunicorn", "app:app", "--bind", "0.0.0.0:7860"]
|
|
|
|
| 4 |
|
| 5 |
WORKDIR /usr/src/app
|
| 6 |
|
|
|
|
|
|
|
| 7 |
# Copy and install dependencies
|
| 8 |
COPY requirements.txt ./
|
| 9 |
RUN pip install --no-cache-dir -r requirements.txt
|
|
|
|
| 11 |
# Copy the application source code
|
| 12 |
COPY . .
|
| 13 |
|
| 14 |
+
# Compile all .py files. The -b flag creates legacy .pyc files.
|
|
|
|
|
|
|
| 15 |
RUN python -m compileall -b -f .
|
| 16 |
|
| 17 |
|
|
|
|
| 23 |
|
| 24 |
# Create a non-root user for enhanced security
|
| 25 |
RUN useradd --create-home appuser
|
|
|
|
| 26 |
|
| 27 |
+
# Copy the compiled .pyc files and other assets
|
|
|
|
|
|
|
| 28 |
COPY --from=builder /usr/src/app/*.pyc .
|
|
|
|
|
|
|
| 29 |
COPY --from=builder /usr/src/app/templates ./templates
|
| 30 |
COPY --from=builder /usr/src/app/requirements.txt .
|
| 31 |
|
| 32 |
+
# --- THIS IS THE KEY FIX FOR PERMISSIONERROR ---
|
| 33 |
+
# Change the ownership of the entire app directory to our new user.
|
| 34 |
+
# This allows the user to write files like client_secrets.json and token.json.
|
| 35 |
+
RUN chown -R appuser:appuser /usr/src/app
|
| 36 |
+
|
| 37 |
+
# Switch to the non-root user BEFORE installing final packages and running the app
|
| 38 |
+
USER appuser
|
| 39 |
+
|
| 40 |
# Install the runtime dependencies into the final image
|
|
|
|
| 41 |
RUN pip install --no-cache-dir -r requirements.txt
|
|
|
|
| 42 |
|
| 43 |
+
# The command to run the application.
|
| 44 |
+
# It will listen on the port Hugging Face provides (usually 7860) via the $PORT variable.
|
|
|
|
| 45 |
CMD ["gunicorn", "app:app", "--bind", "0.0.0.0:7860"]
|