Spaces:

Thermostatic
/

TranslateBench-EN-ES

Running

App Files Files Community

Thermostatic commited on May 16

Commit

ea8364e

verified ·

1 Parent(s): be37a83

Update Dockerfile

Browse files

Files changed (1) hide show

Dockerfile +40 -43

Dockerfile CHANGED Viewed

@@ -1,9 +1,7 @@
 FROM python:3.9-slim
-# Set WORKDIR early, it creates /app owned by root initially.
-WORKDIR /app
-# Install system dependencies
 RUN apt-get update && apt-get install -y \
     build-essential \
     curl \
@@ -12,57 +10,56 @@ RUN apt-get update && apt-get install -y \
     libgomp1 \
     && rm -rf /var/lib/apt/lists/*
-# Create a non-root group first. Using a distinct name like 'appgroup'.
-# Using fixed GID 1001. The -r flag makes it a system group.
-RUN groupadd -r --gid 1001 appgroup
-# Create a non-root user.
-# User 'appuser', UID 1001, primary group 'appgroup'.
-# Home directory /app (which already exists from WORKDIR).
-# Shell /bin/false (common for non-login service accounts, universally available).
-# The -r flag creates a system user.
-# We are NOT using -c "comment" here to avoid potential quoting issues.
-RUN useradd -r --uid 1001 --gid appgroup --home-dir /app --shell /bin/false appuser
-# Set environment variables
-# PYTHONUNBUFFERED: Ensures Python output is sent directly (good for logs)
-# STREAMLIT_*: Streamlit specific settings for headless/usage stats
-# HOME: Critical for Streamlit and other tools to find user-specific config paths
-# HF_HOME: Specifies where Hugging Face libraries should store cache
-ENV PYTHONUNBUFFERED=1 \
     STREAMLIT_SERVER_HEADLESS="true" \
     STREAMLIT_BROWSER_GATHERUSAGSTATS="false" \
     STREAMLIT_GLOBAL_GATHERUSAGSTATS="false" \
-    HOME="/app" \
-    HF_HOME="/app/.hf_cache"
-# Create cache and config directories needed by the application.
-# Crucially, change ownership of /app (our HOME and WORKDIR) and its subdirectories
-# to the appuser (UID 1001, GID 1001). This is done as root before switching user.
-RUN mkdir -p /app/.hf_cache /app/.streamlit \
-    && chown -R 1001:1001 /app
-# Copy requirements first to leverage Docker cache
-COPY requirements.txt ./
-# Install Python dependencies (still as root, but will be used by appuser)
-RUN pip3 install --no-cache-dir -r requirements.txt
-# Copy the application source code.
-# Use --chown with numeric UID:GID to ensure appuser owns these files.
-# This assumes your streamlit_app.py is inside a 'src' folder in your build context.
-COPY --chown=1001:1001 src/ ./src/
-# If your streamlit_app.py is at the root of your build context (next to Dockerfile), use:
-# COPY --chown=1001:1001 streamlit_app.py ./streamlit_app.py
-# Switch to the non-root user (use the username)
-USER appuser
 # Expose the port Streamlit will run on
 EXPOSE 8501
-# Healthcheck
 HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health
 # Command to run the Streamlit application
-# Adjust path if streamlit_app.py was copied to /app/streamlit_app.py
-ENTRYPOINT ["streamlit", "run", "src/streamlit_app.py", "--server.port=8501", "--server.address=0.0.0.0"]

+# Use a specific Python 3.9 slim image
 FROM python:3.9-slim
+# Install system dependencies (as root, before creating the non-root user)
 RUN apt-get update && apt-get install -y \
     build-essential \
     curl \
     libgomp1 \
     && rm -rf /var/lib/apt/lists/*
+# Create a non-root user "appuser" with UID 1000 (as expected by HF Spaces)
+# and create its home directory.
+RUN useradd -m -u 1000 appuser
+# Switch to the non-root user "appuser"
+USER appuser
+# Set environment variables for the "appuser"
+# HOME is crucial for tools like pip and streamlit to find user-specific paths
+ENV HOME=/home/appuser
+# Add user's local bin to PATH (where pip --user installs scripts)
+ENV PATH="$HOME/.local/bin:$PATH"
+# Set Hugging Face cache to be within the user's home directory
+ENV HF_HOME="$HOME/.cache/huggingface" \
     STREAMLIT_SERVER_HEADLESS="true" \
     STREAMLIT_BROWSER_GATHERUSAGSTATS="false" \
     STREAMLIT_GLOBAL_GATHERUSAGSTATS="false" \
+    PYTHONUNBUFFERED=1
+# Set the working directory inside the user's home
+# All subsequent COPY and RUN commands will be relative to this
+WORKDIR $HOME/app
+# Copy requirements.txt first and install dependencies as "appuser"
+# --chown=appuser:appuser ensures the copied file is owned by appuser
+COPY --chown=appuser:appuser requirements.txt ./
+# Pip will install packages to user's site-packages (e.g., $HOME/.local/lib/python3.9/site-packages)
+RUN pip install --no-cache-dir -r requirements.txt
+# Copy the application source code into the WORKDIR
+# Ensure your streamlit_app.py is in a 'src' folder at the root of your build context
+# e.g., your project structure is:
+# .
+# ├── Dockerfile
+# ├── requirements.txt
+# └── src/
+#     └── streamlit_app.py
+COPY --chown=appuser:appuser src/ ./src/
+# If your streamlit_app.py is at the root of your project (next to Dockerfile):
+# COPY --chown=appuser:appuser streamlit_app.py ./streamlit_app.py
 # Expose the port Streamlit will run on
 EXPOSE 8501
+# Healthcheck (Streamlit's health endpoint)
 HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health
 # Command to run the Streamlit application
+# Ensure the path to your script is correct relative to WORKDIR ($HOME/app)
+# If streamlit_app.py is in $HOME/app/src/streamlit_app.py:
+ENTRYPOINT ["streamlit", "run", "src/streamlit_app.py", "--server.port=8501", "--server.address=0.0.0.0"]
+# If streamlit_app.py is in $HOME/app/streamlit_app.py (if you changed the COPY above):
+# ENTRYPOINT ["streamlit", "run", "streamlit_app.py", "--server.port=8501", "--server.address=0.0.0.0"]