Dockerfile

# Use an official Python runtime as a parent image
FROM python:3.10-slim

# Set environment variables to prevent interactive prompts during apt-get install
ENV DEBIAN_FRONTEND=noninteractive

# Install system dependencies
RUN apt-get update && \
    # Attempt to modify the newer deb822-style sources file if it exists.
    # This adds 'contrib' and 'non-free-firmware' to the 'Components' lines.
    (if [ -f /etc/apt/sources.list.d/debian.sources ]; then \
        echo "Modifying /etc/apt/sources.list.d/debian.sources to include contrib and non-free-firmware" && \
        sed -i -e 's/^Components: main$/Components: main contrib non-free-firmware/' \
               -e 's/^Components: main\( .*\)$/Components: main contrib non-free-firmware\1/' \
               /etc/apt/sources.list.d/debian.sources; \
     else \
        echo "/etc/apt/sources.list.d/debian.sources not found, checking /etc/apt/sources.list"; \
     fi) && \
    # Attempt to modify the traditional sources.list file (as a fallback or if it co-exists).
    # Add '|| true' to prevent failure if the file doesn't exist or sed fails on it.
    (if [ -f /etc/apt/sources.list ]; then \
        echo "Modifying /etc/apt/sources.list to include contrib and non-free-firmware" && \
        sed -i 's/main$/main contrib non-free-firmware/g' /etc/apt/sources.list; \
     else \
        echo "/etc/apt/sources.list not found."; \
     fi || true) && \
    # Rerun apt-get update with the (potentially) new sources
    apt-get update && \
    apt-get install -y --no-install-recommends \
    libgl1-mesa-glx \
    libglib2.0-0 \
    fontconfig \
    # Accept the EULA for ttf-mscorefonts-installer non-interactively
    && echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" | debconf-set-selections \
    && apt-get install -y --no-install-recommends ttf-mscorefonts-installer \
    # Clean up apt caches to reduce image size
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* \
    # Update font cache to make installed fonts available to applications like Pillow
    && fc-cache -f -v

# Set the working directory in the container for subsequent commands
WORKDIR /app

# Create a non-root user and group for better security.
# Using UID/GID 1000 is common for Hugging Face Spaces.
RUN groupadd -g 1000 appuser && useradd --no-log-init -u 1000 -g appuser appuser

# Create necessary application directories within /app.
# Then, set ownership of the entire /app directory (and its contents)
# to the 'appuser'. This ensures the application, running as 'appuser',
# has the necessary permissions, especially for /app/generated_images.
RUN mkdir -p ./app/templates ./app/generated_images && \
    chown -R appuser:appuser ./app

# Copy the requirements file first to leverage Docker layer caching.
# Ensure 'appuser' owns this copied file.
COPY --chown=appuser:appuser requirements.txt .

# Install Python dependencies specified in requirements.txt.
# --no-cache-dir reduces image size by not storing the pip cache.
RUN pip install --no-cache-dir -r requirements.txt

# Copy the rest of the application files into the container's /app directory.
# Ensure 'appuser' owns these copied files.
COPY --chown=appuser:appuser app.py .

# The line to copy 'arial.ttf' was previously REMOVED.
# We are relying on the system-installed Arial from 'ttf-mscorefonts-installer'.

# Copy the entire 'templates' directory (and its contents) from your repository root
# to /app/templates inside the container.
# This requires the 'templates' directory to exist in your repository root.
COPY --chown=appuser:appuser templates ./templates

# Switch to the non-root user 'appuser' for running the application.
# Subsequent commands (like CMD) will run as this user.
USER appuser

# Define an environment variable placeholder for the Telegram token.
# The actual token MUST be set in your Hugging Face Space's secrets settings.
ENV TELEGRAM_TOKEN="7229558358:AAH_btIdtnJvfGhh84O2uVa8wuH88ShUcy0"

# Command to run the application when the container launches.
# This executes 'python app.py' as the 'appuser'.
CMD ["python", "app.py"]