Spaces:
Sleeping
Sleeping
| # Use a lightweight Python base image | |
| FROM python:3.11-slim | |
| # Prevent .pyc files and ensure stdout/stderr are unbuffered | |
| ENV PYTHONDONTWRITEBYTECODE=1 \ | |
| PYTHONUNBUFFERED=1 | |
| # Set working directory inside the container | |
| WORKDIR /app | |
| # Create a non-root user and group | |
| RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser | |
| # Install system-level dependencies (e.g., for building wheels or fonts for Panel) | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| build-essential \ | |
| libgl1 \ | |
| curl \ | |
| && apt-get clean && rm -rf /var/lib/apt/lists/* | |
| # Copy and install Python dependencies | |
| COPY --chown=appuser:appgroup requirements.txt . | |
| RUN pip install --upgrade pip && pip install --no-cache-dir -r requirements.txt | |
| # Copy the full app code | |
| COPY --chown=appuser:appgroup . . | |
| # Set file permissions | |
| RUN mkdir -p /.cache /app/.chroma && chown -R appuser:appgroup /.cache /app | |
| # Use non-root user | |
| USER appuser | |
| # Expose Panel's default port | |
| EXPOSE 7860 | |
| # Launch the app | |
| CMD ["panel", "serve", "app.py", "--address", "0.0.0.0", "--port", "7860", "--allow-websocket-origin", "*"] |