File size: 4,975 Bytes
af8f89c 10b70a9 6a0246e af8f89c 10b70a9 6a0246e 10b70a9 af8f89c 10b70a9 af8f89c 6a0246e af8f89c f4be5ea 262b6c2 af8f89c 6db1678 af8f89c 6db1678 af8f89c 6db1678 af8f89c 6db1678 af8f89c 111ba62 6a0246e 262b6c2 6a0246e 262b6c2 6a0246e 262b6c2 6a0246e 0f0f717 6a0246e 264ac69 262b6c2 264ac69 262b6c2 5e1192b af8f89c 5afbe18 af8f89c 6a0246e |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 |
# Use an official Python runtime as a parent image
FROM python:3.10-slim-bullseye
# Set environment variables for Python, pip, and locale
ENV PYTHONUNBUFFERED 1
ENV PYTHONDONTWRITEBYTECODE 1
ENV PIP_NO_CACHE_DIR off
ENV PIP_DISABLE_PIP_VERSION_CHECK 1
ENV DEBIAN_FRONTEND=noninteractive
ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8
# Set the working directory in the container
WORKDIR /app
# Install system dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
ffmpeg \
imagemagick \
git \
fonts-dejavu-core \
fonts-liberation \
libgl1-mesa-glx \
libglib2.0-0 \
&& rm -rf /var/lib/apt/lists/*
# Modify ImageMagick policy.xml
RUN if [ -f /etc/ImageMagick-6/policy.xml ]; then \
XML_FILE="/etc/ImageMagick-6/policy.xml"; \
echo "INFO: Modifying ImageMagick policy at $XML_FILE (v6) for MoviePy compatibility." ; \
elif [ -f /etc/ImageMagick-7/policy.xml ]; then \
XML_FILE="/etc/ImageMagick-7/policy.xml"; \
echo "INFO: Modifying ImageMagick policy at $XML_FILE (v7) for MoviePy compatibility." ; \
else \
XML_FILE=""; \
echo "WARNING: ImageMagick policy.xml not found in /etc/ImageMagick-[67]/. MoviePy TextClip might fail." ; \
fi && \
if [ -n "$XML_FILE" ] && [ -f "$XML_FILE" ]; then \
sed -i 's/<policy domain="path" rights="none" pattern="@\*"\/>/<!-- <policy domain="path" rights="none" pattern="@\*" \/> -->/' "$XML_FILE" && \
sed -i 's/<policy domain="coder" rights="none" pattern="TEXT"\/>/<!-- <policy domain="coder" rights="none" pattern="TEXT" \/> -->/' "$XML_FILE" && \
sed -i 's/<policy domain="coder" rights="none" pattern="LABEL"\/>/<!-- <policy domain="coder" rights="none" pattern="LABEL" \/> -->/' "$XML_FILE" && \
sed -i 's/<policy domain="coder" rights="none" pattern="MVG"\/>/<!-- <policy domain="coder" rights="none" pattern="MVG" \/> -->/' "$XML_FILE" && \
sed -i 's/<policy domain="coder" rights="none" pattern="MSL"\/>/<!-- <policy domain="coder" rights="none" pattern="MSL" \/> -->/' "$XML_FILE" && \
sed -i 's/<policy domain="coder" rights="none" pattern="HTTPS"\/>/<!-- <policy domain="coder" rights="none" pattern="HTTPS" \/> -->/' "$XML_FILE" && \
sed -i 's/<policy domain="coder" rights="none" pattern="HTTP"\/>/<!-- <policy domain="coder" rights="none" pattern="HTTP" \/> -->/' "$XML_FILE" && \
echo "INFO: ImageMagick policy modifications applied to $XML_FILE." ; \
fi
# Create a non-root user and group
RUN groupadd -r appgroup && useradd --no-log-init -r -g appgroup -u 1000 appuser
# Create home directory structure for appuser, including .cache for pip
RUN mkdir -p /home/appuser/.cache/pip && chown -R appuser:appgroup /home/appuser
# Set Streamlit home directory to be writable by appuser
# This directory will be created within /home/appuser, so appuser will own it.
ENV STREAMLIT_HOME=/home/appuser/.streamlit
# No need to mkdir/chown STREAMLIT_HOME here if appuser creates it at runtime,
# or if we ensure /home/appuser is writable by appuser.
# However, to be safe, especially if Streamlit tries to create it very early:
RUN mkdir -p $STREAMLIT_HOME && chown -R appuser:appgroup $STREAMLIT_HOME
# Copy the requirements file first
COPY --chown=appuser:appgroup requirements.txt .
# Install Python dependencies as the non-root user
USER appuser
RUN pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir -r requirements.txt
# Switch back to root temporarily for copying application files and setting permissions
USER root
COPY . .
RUN chown -R appuser:appgroup /app
# Create runtime directories as root, then chown to appuser
RUN mkdir -p /app/temp_cinegen_media && chown -R appuser:appgroup /app/temp_cinegen_media
RUN mkdir -p /app/assets/fonts && chown -R appuser:appgroup /app/assets/fonts
# Ensure custom fonts copied in assets/fonts are usable system-wide if needed by MoviePy's TextClip
# This assumes your 'arial.ttf' (or other custom fonts) are in 'assets/fonts/' in your project.
# If they are, copy them to a system font directory and update the font cache.
# The VisualEngine also tries to load from 'assets/fonts/' directly via Pillow.
RUN if [ -d "/app/assets/fonts" ] && [ "$(ls -A /app/assets/fonts)" ]; then \
mkdir -p /usr/local/share/fonts/truetype/cinegen_custom && \
cp /app/assets/fonts/*.*tf /usr/local/share/fonts/truetype/cinegen_custom/ 2>/dev/null || true && \
fc-cache -fv && \
echo "INFO: Copied custom fonts and refreshed font cache."; \
else \
echo "INFO: No custom fonts found in /app/assets/fonts to copy system-wide." ; \
fi
# Switch to the non-root user for running the application
USER appuser
# Expose the port Streamlit runs on
EXPOSE 8501
# Define the command to run the application
CMD ["streamlit", "run", "app.py", "--server.port=8501", "--server.address=0.0.0.0", "--global.sharingMode=off", "--client.gatherUsageStats=false"] |