| FROM python:3.11-slim | |
| # System deps (added curl for HEALTHCHECK) | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| build-essential git curl && \ | |
| rm -rf /var/lib/apt/lists/* | |
| # Add a non-root user (Hugging Face Spaces runs as 1000) | |
| RUN useradd -m -u 1000 appuser | |
| WORKDIR /app | |
| # Step 1: Install torch CPU | |
| RUN pip install --no-cache-dir torch==2.6.0 | |
| # Step 2: Install torch extensions from PyG wheels | |
| RUN pip install --no-cache-dir torch_scatter torch_sparse -f https://data.pyg.org/whl/torch-2.6.0+cpu.html | |
| # Step 3: Other Python deps | |
| COPY requirements.txt . | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| # Copy app code and set ownership | |
| COPY --chown=appuser:appuser . . | |
| # Set environment variables | |
| ENV PYTHONPATH=/app:$PYTHONPATH \ | |
| HOME=/home/appuser | |
| # Streamlit config (placed in the correct HOME directory) | |
| RUN mkdir -p /home/appuser/.streamlit && \ | |
| printf '[server]\nheadless = true\nport = 7860\nenableCORS = false\nenableXsrfProtection = false\n' > /home/appuser/.streamlit/config.toml && \ | |
| chown -R appuser:appuser /home/appuser/.streamlit /app | |
| # Switch to the non-root user | |
| USER appuser | |
| EXPOSE 7860 | |
| HEALTHCHECK CMD curl --fail http://localhost:7860/_stcore/health || exit 1 | |
| ENTRYPOINT ["streamlit", "run", "app/main.py", "--server.port=7860", "--server.address=0.0.0.0"] | |