Dockerfile

FROM python:3.9-slim

# Define arguments for user ID and group ID (optional, but good for consistency)
ARG UID=1000
ARG GID=1000

# Install system dependencies required by OpenCV and other build tools
# libgl1-mesa-glx: Provides libGL.so.1 (OpenGL library) - THIS IS THE KEY FIX
# libsm6, libxrender1: Common X11 dependencies often needed by OpenCV
# ffmpeg: Good for general video processing capabilities
# build-essential, curl, software-properties-common, git: Keep your existing dev tools
RUN apt-get update && apt-get install -y \
    build-essential \
    curl \
    software-properties-common \
    git \
    libgl1-mesa-glx \
    libsm6 \
    libxrender1 \
    ffmpeg \
    # Clean up apt caches to reduce image size
    && rm -rf /var/lib/apt/lists/*

# Create a non-root user and group
# -m: create home directory
# -u ${UID}: assign specific UID (optional, but good for host volume mounting)
# -g appgroup: assign to appgroup
RUN groupadd -g ${GID} appgroup && \
    useradd -m -u ${UID} -g appgroup appuser

# Set the HOME environment variable for the new user
ENV HOME /home/appuser

# Set the working directory for the application
# We'll put it in /app and then change ownership so the non-root user can write to it
WORKDIR /app

# Copy your requirements.txt file and install Python dependencies (as root, for system-wide install)
COPY requirements.txt .
RUN pip3 install --no-cache-dir -r requirements.txt

# Change ownership of the /app directory to the new non-root user
# This is crucial so that the 'appuser' can read/write in its working directory
RUN chown -R appuser:appgroup /app

# Switch to the non-root user for subsequent commands
USER appuser

# Copy your application source code and assets into the /app directory
# Now, these files will be owned by 'appuser'
COPY . .

EXPOSE 8501

HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health

# Ensure the entrypoint path is correct for your app within the container
# Based on your structure, it's inside 'src/' relative to the WORKDIR /app
ENTRYPOINT ["streamlit", "run", "src/streamlit_app.py", "--server.port=8501", "--server.address=0.0.0.0"]