hadadrjt commited on
Commit
4dc1dd0
·
1 Parent(s): baf80c1

ai: Switch to production-ready Docker setup.

Files changed (1) hide show
  1. Dockerfile +33 -12
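--- a/Dockerfile
+++ b/Dockerfile
@@ -1,27 +1,48 @@
-# Use the latest personal Ubuntu image as the starting point
-FROM hadadrjt/ubuntu:latest
+#
+# SPDX-FileCopyrightText: Hadad <[email protected]>
+# SPDX-License-Identifier: Apache-2.0
+#
 
-# Set the user to root to have full permissions during build and runtime
-USER root
+# Use the latest version of Ubuntu image from the specified
+# Docker Hub repository, as the base image for this container.
+FROM hadadrjt/ubuntu:latest
 
-# Set the working directory inside the container to /usr/src/app
-# All subsequent commands will be run in this directory
+# Set the working directory inside the container to /usr/src/app.
+# All subsequent instructions will operate from this path.
 WORKDIR /usr/src/app
 
-# Copy all files from the current directory on the host machine to the working directory in the container
+# Copy all files and directories from the build context on the
+# host machine into the working directory in the container.
 COPY . .
 
-# Install Python dependencies listed in requirements.txt without using cache to reduce image size
+# Install all Python dependencies listed in requirements.txt.
+# The --no-cache-dir flag ensures that pip does not store the
+# downloaded packages, reducing image size.
 RUN pip install --no-cache-dir -r requirements.txt
 
-# Expose port 7860 so that it can be accessed from outside the container
+# Create a new user named 'app' for running the application in production.
+# Change ownership of the application directory to the 'app' user.
+# Lock the root account to prevent direct login for security reasons.
+# Change the root user's shell to nologin, further restricting access.
+RUN useradd -m app \
+&& chown -R app /usr/src/app \
+&& passwd -l root \
+&& usermod -s /usr/sbin/nologin root
+
+# Expose port to allow external access to the Gradio application.
 EXPOSE 7860
 
-# Set an environment variable to configure the Gradio server to listen on all network interfaces
+# Set an environment variable so Gradio listens on all network interfaces,
+# enabling external connections.
 ENV GRADIO_SERVER_NAME="0.0.0.0"
 
-# Clear any default entrypoint to allow CMD to run directly
+# Switch to the 'app' user for all subsequent instructions to
+# enhance security and prevent running as root.
+USER app
+
+# Remove any default entrypoint to ensure only the CMD instruction is
+# executed when the container starts.
 ENTRYPOINT []
 
-# Specify the default command to run the Python application when the container starts
+# Define the default command to start the application.
 CMD ["python", "app.py"]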
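Review bot: The base image remains the mutable tag `hadadrjt/ubuntu:latest` (new line 8), so a rebuild can pull different contents, including whatever `pip` and `python` the later steps use, without any change to this file; for a production image pin a fixed tag and digest, `FROM hadadrjt/ubuntu:<TAG>@sha256:<DIGEST>` (placeholders, the page shows neither value). In the `RUN useradd` step (new lines 27-30), `passwd -l root` and the `nologin` shell restrict only password and login-shell access, which a container does not normally expose, so the effective control is `USER app` and the comment above that step overstates the hardening. `chown -R app /usr/src/app` makes the application code writable by the runtime user; if the app does not need to write there, leave the tree root-owned and give `app` only a dedicated writable directory. A fixed numeric id, e.g. `useradd -m -u 10001 app` with `USER 10001`, lets an orchestrator verify the non-root user.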