Dockerfile

FROM python:3.10-slim

# Set environment variables
ENV PYTHONUNBUFFERED=1
ENV DEBIAN_FRONTEND=noninteractive

# Install system dependencies
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ffmpeg \
        libsm6 \
        libxext6 \
        fontconfig \
        imagemagick && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Create directory for custom fonts and copy your font file(s)
RUN mkdir -p /usr/local/share/fonts/truetype/mycustomfonts
COPY assets/fonts/arial.ttf /usr/local/share/fonts/truetype/mycustomfonts/arial.ttf 

# Rebuild font cache AFTER copying fonts
RUN fc-cache -f -s -v

# Create a non-root user and group
ARG APP_USER_UID=1000
ARG APP_USER_GID=1000
RUN groupadd --gid $APP_USER_GID appgroup && \
    useradd --uid $APP_USER_UID --gid appgroup --shell /bin/bash --create-home appuser

# Set the working directory
WORKDIR /home/appuser/app

# Copy requirements.txt first
COPY requirements.txt ./ 

# Pip install as root (or default user before USER appuser)
RUN python -m pip install --no-cache-dir --upgrade pip
RUN python -m pip install --no-cache-dir -r requirements.txt

# Now copy the rest of the application code
COPY . .

# Ensure the entire app directory and its contents are owned by appuser
# and explicitly create the output directory as root and then chown it.
RUN mkdir -p /home/appuser/app/temp_cinegen_media && \
    chown -R appuser:appgroup /home/appuser/app

# Switch to the non-root user
USER appuser
# Ensure user's local bin is in PATH for pip-installed executables
ENV PATH="/home/appuser/.local/bin:${PATH}" 

# Expose Streamlit's default port
EXPOSE 8501

# Command to run Streamlit
CMD ["streamlit", "run", "app.py", "--server.headless=true", "--server.port=8501", "--server.fileWatcherType=none"]