Spaces:
Sleeping
Sleeping
| # 1. Use an official lightweight Python image | |
| FROM python:3.9-slim | |
| # 2. Set environment variables | |
| ENV PYTHONUNBUFFERED=1 \ | |
| PYTHONDONTWRITEBYTECODE=1 \ | |
| PIP_NO_CACHE_DIR=1 | |
| # 3. Create a non-root user (Security Best Practice for HF Spaces) | |
| RUN useradd -m -u 1000 user | |
| USER user | |
| ENV PATH="/home/user/.local/bin:$PATH" | |
| # 4. Set the working directory | |
| WORKDIR /app | |
| # 5. Install system dependencies | |
| USER root | |
| RUN apt-get update && apt-get install -y \ | |
| git \ | |
| build-essential \ | |
| && rm -rf /var/lib/apt/lists/* | |
| USER user | |
| # 6. Copy requirements first | |
| COPY --chown=user requirements.txt ./ | |
| # 7. Install Python dependencies | |
| RUN pip install --upgrade pip && \ | |
| pip install -r requirements.txt | |
| # 8. Copy the rest of the application files | |
| COPY --chown=user . . | |
| # 9. Expose the port | |
| EXPOSE 7860 | |
| # 10. Run the Streamlit app (WITH THE SECURITY FIXES) | |
| CMD ["streamlit", "run", "app.py", \ | |
| "--server.address", "0.0.0.0", \ | |
| "--server.port", "7860", \ | |
| "--server.enableXsrfProtection=false", \ | |
| "--server.enableCORS=false", \ | |
| "--server.fileWatcherType", "none"] |