Hugging Face's logo

Spaces:
NX-AI
/
TiRex-demo
Running on T4

App Files Community
Nikita commited on
Commit
64bc6d4
·
1 Parent(s): 5d5bc3a

upd dockerfile permission like developer of HF suggested

Browse files
Files changed (1) hide show
  1. Dockerfile +27 -28
Dockerfile CHANGED
@@ -1,39 +1,38 @@
1
- # Base image with Conda
2
  FROM continuumio/miniconda3
3
 
4
- # Set working directory
5
- WORKDIR /app
6
-
7
- # --- ADD THESE LINES HERE ---
8
- # Set environment variables to control cache locations
9
- # This prevents permission errors by directing cache writes to a local .cache
10
- # directory within our /app folder, which is always writable.
11
- ENV HF_HOME=/app/.cache/huggingface
12
- ENV MPLCONFIGDIR=/app/.cache/matplotlib
13
- # ---------------------------
14
-
15
- # Copy environment.yaml for conda
16
  COPY environment.yaml /tmp/environment.yaml
17
-
18
- # Create the Conda environment
19
  RUN conda env create -f /tmp/environment.yaml
20
 
21
- # Set default shell to use conda env
22
- SHELL ["conda", "run", "--no-capture-output", "-n", "tirex", "/bin/bash", "-c"]
 
 
23
 
24
- # Copy all project files and folders
25
- COPY app.py /app/
26
- COPY static /app/static
27
- COPY data /app/data
28
- COPY tirex /app/tirex
29
 
30
- # Change ownership of the /app directory to the container's non-root user.
31
- # This is crucial to allow the application to create cache files and directories.
32
- RUN chown -R 1000:1000 /app
33
 
 
 
 
34
 
35
- # Expose the default port
 
36
  EXPOSE 7860
37
 
38
- # Run your app
39
- CMD ["conda", "run", "--no-capture-output", "-n", "tirex", "python", "app.py"]
 
 
 
 
 
1
+ # 1. Base Image: Start with Miniconda as your project requires it.
2
  FROM continuumio/miniconda3
3
 
4
+ # 2. Create Conda Environment:
5
+ # First, copy only the environment file and create the environment.
6
+ # This is done as root and caches this layer, so it only re-runs if environment.yaml changes.
 
 
 
 
 
 
 
 
 
7
  COPY environment.yaml /tmp/environment.yaml
 
 
8
  RUN conda env create -f /tmp/environment.yaml
9
 
10
+ # 3. Create a Non-Root User:
11
+ # As shown in your example, we create a dedicated, non-root user to run the application.
12
+ # This is a critical security and permissions best practice.
13
+ RUN useradd -m -u 1000 user
14
 
15
+ # 4. Copy Application Code:
16
+ # Copy the rest of your application code into the user's home directory.
17
+ # The `--chown=user:user` flag sets the correct ownership at the same time,
18
+ # which is more efficient and cleaner than a separate `chown` command.
19
+ COPY --chown=user:user . /home/user/app
20
 
21
+ # 5. Switch to Non-Root User:
22
+ # From this point on, all commands will be run as 'user'.
23
+ USER user
24
 
25
+ # 6. Set Working Directory:
26
+ # Set the working directory to where the code was copied.
27
+ WORKDIR /home/user/app
28
 
29
+ # 7. Expose Port:
30
+ # Expose the port your Gradio app will run on.
31
  EXPOSE 7860
32
 
33
+ # 8. Run the Application:
34
+ # Use the `conda run` command to execute your app within the 'tirex' environment.
35
+ # Because we are now running as 'user', any libraries that need to write to a cache
36
+ # (like Hugging Face, Matplotlib, or PyTorch) will do so inside `/home/user/.cache`,
37
+ # which is writable by 'user', completely solving all previous permission errors.
38
+ CMD ["conda", "run", "--no-capture-output", "-n", "tirex", "python", "app.py"]