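# Container image for a Streamlit app served on port 7860 as a non-root user.
#
# NOTE(review): the tag below is mutable. Pin the base image by digest
# (python:3.11-slim@sha256:<digest>) when reproducible builds are required.
FROM python:3.11-slim

# System deps: curl is used by the HEALTHCHECK probe at the end of this file.
# The apt lists are deleted in the same layer so they never reach the image.
RUN apt-get update && \
    apt-get install -y --no-install-recommends curl && \
    rm -rf /var/lib/apt/lists/*

# Non-root user with a fixed UID; the container process runs as this account.
RUN useradd -m -u 1000 appuser

WORKDIR /app

# -- Python deps (layer is rebuilt only when requirements.txt changes) --
# Installed as root into the system site-packages, so the runtime user
# cannot modify installed packages.
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# -- App code (changes often, so it is copied last) --
# NOTE(review): `COPY . .` ships the entire build context. Keep a
# .dockerignore that excludes .git, .env files and local credentials.
COPY --chown=appuser:appuser . .

# Nothing earlier in this file defines PYTHONPATH, so appending ":$PYTHONPATH"
# would leave a trailing ':' (an empty search-path entry, which Python may
# resolve to the current working directory). Set the value explicitly.
ENV PYTHONPATH=/app \
    HOME=/home/appuser

# Streamlit server config, written to the runtime user's home directory.
# NOTE(review): enableCORS = false and enableXsrfProtection = false switch off
# Streamlit's cross-origin and XSRF-token checks while the server listens on
# 0.0.0.0 (see ENTRYPOINT). Confirm the hosting setup really needs this, for
# example an embedding reverse proxy; otherwise drop both keys so the
# defaults apply.
#
# Ownership: the files under /app already belong to appuser via COPY --chown,
# so only the /app directory itself (created by WORKDIR) needs chown. A
# recursive chown over /app would rewrite every file into this layer.
RUN mkdir -p /home/appuser/.streamlit && \
    printf '[server]\nheadless = true\nport = 7860\nenableCORS = false\nenableXsrfProtection = false\n' > /home/appuser/.streamlit/config.toml && \
    chown -R appuser:appuser /home/appuser/.streamlit && \
    chown appuser:appuser /app

# Drop privileges before anything runs at container start.
USER appuser

# Documentation only; the port is published at `docker run` time.
EXPOSE 7860

# Probe Streamlit's own health endpoint from inside the container.
HEALTHCHECK --interval=30s --timeout=60s --start-period=120s --retries=3 \
    CMD curl --fail http://localhost:7860/_stcore/health || exit 1

# Exec form: streamlit runs as PID 1 and receives SIGTERM from `docker stop`.
ENTRYPOINT ["streamlit", "run", "app/main.py", "--server.port=7860", "--server.address=0.0.0.0"]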