Spaces:
Running
Running
Joffrey Thomas
commited on
Commit
·
2492fbe
1
Parent(s):
c8516c9
usergroup
Browse files- Dockerfile +14 -3
Dockerfile
CHANGED
|
@@ -2,21 +2,32 @@ FROM python:3.11-slim
|
|
| 2 |
|
| 3 |
WORKDIR /app
|
| 4 |
|
|
|
|
|
|
|
|
|
|
| 5 |
# Install uv for faster package management
|
| 6 |
RUN pip install uv
|
| 7 |
|
| 8 |
# Set UV_CACHE_DIR to a writable location
|
| 9 |
ENV UV_CACHE_DIR /app/.uv_cache
|
| 10 |
|
| 11 |
-
# Copy requirements file
|
| 12 |
-
COPY requirements.txt .
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 13 |
|
| 14 |
# Install dependencies using uv
|
| 15 |
RUN uv venv
|
| 16 |
RUN uv pip install -r requirements.txt
|
| 17 |
|
| 18 |
# Copy application code
|
| 19 |
-
|
|
|
|
| 20 |
|
| 21 |
# Expose the port the server runs on
|
| 22 |
EXPOSE 7860
|
|
|
|
| 2 |
|
| 3 |
WORKDIR /app
|
| 4 |
|
| 5 |
+
# Create a non-root user and group
|
| 6 |
+
RUN groupadd -r appgroup && useradd -r -g appgroup -d /app -s /sbin/nologin -c "Docker image user" appuser
|
| 7 |
+
|
| 8 |
# Install uv for faster package management
|
| 9 |
RUN pip install uv
|
| 10 |
|
| 11 |
# Set UV_CACHE_DIR to a writable location
|
| 12 |
ENV UV_CACHE_DIR /app/.uv_cache
|
| 13 |
|
| 14 |
+
# Copy requirements file first to leverage Docker cache
|
| 15 |
+
COPY --chown=appuser:appgroup requirements.txt .
|
| 16 |
+
|
| 17 |
+
# Create the cache directory and set permissions before switching user
|
| 18 |
+
# This ensures the directory exists and is writable by appuser
|
| 19 |
+
RUN mkdir -p /app/.uv_cache && chown -R appuser:appgroup /app/.uv_cache
|
| 20 |
+
|
| 21 |
+
# Switch to the non-root user
|
| 22 |
+
USER appuser
|
| 23 |
|
| 24 |
# Install dependencies using uv
|
| 25 |
RUN uv venv
|
| 26 |
RUN uv pip install -r requirements.txt
|
| 27 |
|
| 28 |
# Copy application code
|
| 29 |
+
# Ensure the appuser owns the application code as well
|
| 30 |
+
COPY --chown=appuser:appgroup server.py .
|
| 31 |
|
| 32 |
# Expose the port the server runs on
|
| 33 |
EXPOSE 7860
|