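# Base image: official slim Python 3.10 on Debian bullseye.
# NOTE(review): a tag is mutable. For reproducible, auditable builds pin it by
# digest, e.g. python:3.10-slim-bullseye@sha256:<digest-placeholder>.
FROM python:3.10-slim-bullseye

# Build-time only: keeps apt/debconf from prompting during the RUN steps below
# without leaving DEBIAN_FRONTEND in the running container's environment.
ARG DEBIAN_FRONTEND=noninteractive

# Runtime environment for Python, pip, and locale (key=value form; the
# space-separated ENV form is deprecated).
# PIP_NO_CACHE_DIR: "off" reads as "caching enabled" but has meant different
# things across pip releases; 1 states the intent that matches the explicit
# --no-cache-dir flags used by the install step.
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PIP_NO_CACHE_DIR=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1 \
    LANG=C.UTF-8 \
    LC_ALL=C.UTF-8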

# OS packages needed at runtime (installed as root, the default user here).
# Package list is kept one per line in alphabetical order so diffs stay small;
# the apt index is removed in the same layer so it never reaches the image.
# NOTE(review): versions are unpinned, so the result depends on the mirror
# state at build time.
RUN apt-get update \
 && apt-get install -y --no-install-recommends \
        ffmpeg \
        fonts-dejavu-core \
        fonts-liberation \
        git \
        imagemagick \
        libgl1-mesa-glx \
        libglib2.0-0 \
 && rm -rf /var/lib/apt/lists/*

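# Relax the ImageMagick security policy only as far as text rendering needs
# (as root). The distribution's policy.xml is a hardening control, so each
# entry commented out here widens what ImageMagick will process:
#   - path "@*"  : lets an argument of the form @file be read from disk, which
#                  MoviePy's TextClip presumably relies on; callers must not
#                  hand untrusted strings to ImageMagick as raw arguments.
#   - TEXT/LABEL : coders used to rasterise text.
# The MVG, MSL, HTTP and HTTPS entries are deliberately left as shipped: they
# cover scripted/vector input and remote fetches, which text rendering does not
# need, so any restriction on them stays in force.
# The sed patterns match the exact rule text; a rule that is absent or spelled
# differently is left untouched.
RUN if [ -f /etc/ImageMagick-6/policy.xml ]; then \
        XML_FILE="/etc/ImageMagick-6/policy.xml"; \
        echo "INFO: Modifying ImageMagick policy at $XML_FILE (v6) for MoviePy compatibility." ; \
    elif [ -f /etc/ImageMagick-7/policy.xml ]; then \
        XML_FILE="/etc/ImageMagick-7/policy.xml"; \
        echo "INFO: Modifying ImageMagick policy at $XML_FILE (v7) for MoviePy compatibility." ; \
    else \
        XML_FILE=""; \
        echo "WARNING: ImageMagick policy.xml not found. MoviePy TextClip might fail." ; \
    fi && \
    if [ -n "$XML_FILE" ]; then \
        sed -i \
            -e 's/<policy domain="path" rights="none" pattern="@\*"\/>/<!-- <policy domain="path" rights="none" pattern="@\*" \/> -->/' \
            -e 's/<policy domain="coder" rights="none" pattern="TEXT"\/>/<!-- <policy domain="coder" rights="none" pattern="TEXT" \/> -->/' \
            -e 's/<policy domain="coder" rights="none" pattern="LABEL"\/>/<!-- <policy domain="coder" rights="none" pattern="LABEL" \/> -->/' \
            "$XML_FILE" && \
        echo "INFO: ImageMagick policy modifications applied to $XML_FILE." ; \
    fi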

# Unprivileged runtime account: group "appgroup" and user "appuser", both with
# the fixed id 1000, plus the pip cache and Streamlit config directories under
# the new home. Everything in the home directory is handed to that account.
RUN groupadd --system --gid 1000 appgroup \
 && useradd --no-log-init --system --gid appgroup --uid 1000 \
            --create-home --shell /bin/bash appuser \
 && mkdir -p /home/appuser/.cache/pip /home/appuser/.streamlit \
 && chown -R appuser:appgroup /home/appuser

# Point STREAMLIT_HOME at the directory created above.
ENV STREAMLIT_HOME=/home/appuser/.streamlit

# Application directory. WORKDIR creates it at this point, while the build is
# still running as root.
WORKDIR /app

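# Install Python dependencies as appuser, before the application source is
# copied, so this layer is reused until requirements.txt changes.
# COPY --chown changes ownership of the copied file only; /app itself is not
# re-owned by this step.
COPY --chown=appuser:appgroup requirements.txt .
USER appuser

# Per-user install location for console scripts (e.g. streamlit). Set before
# the install so the scripts are already on PATH while pip runs.
ENV PATH="/home/appuser/.local/bin:${PATH}"

# --user is passed on both commands: site-packages is not writable for appuser,
# so the pip upgrade should not rely on pip's implicit fallback to a user
# install. Everything lands in /home/appuser/.local.
# NOTE(review): pip itself is upgraded to whatever is newest at build time, and
# requirements.txt is not visible here. Pinning pip and installing from a
# hash-locked requirements file (pip's --require-hashes) would make this step
# reproducible and tamper-evident.
RUN python -m pip install --user --no-cache-dir --upgrade pip && \
    python -m pip install --user --no-cache-dir -r requirements.txt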

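# Copy the application source and hand it to appuser.
# /app was created by WORKDIR as root, so the directory itself is re-owned
# first (non-recursively). COPY --chown then sets ownership while the files are
# written, instead of a later recursive chown that would store every file a
# second time in its own layer.
# NOTE(review): "COPY . ." ships the whole build context. Confirm a
# .dockerignore excludes .git, .env files, credentials and local media so they
# are not baked into the image.
# NOTE(review): the runtime user owns, and can therefore modify, the
# application code. If the app only needs to write to its temp directory,
# leaving the code root-owned would narrow what a compromised process can alter.
USER root
RUN chown appuser:appgroup /app

# Remaining steps and the running container use the unprivileged account.
USER appuser
COPY --chown=appuser:appgroup . .

# Runtime directories: scratch space for generated media, and the fonts
# directory (normally already present from the COPY above).
RUN mkdir -p /app/temp_cinegen_media /app/assets/fonts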

# Copy custom fonts to system location (as root, if needed by MoviePy's ImageMagick backend directly)
# This step is optional if Pillow direct font path loading is sufficient.
# USER root
# RUN if [ -d "/app/assets/fonts" ] && [ "$(ls -A /app/assets/fonts)" ]; then \
#         mkdir -p /usr/local/share/fonts/truetype/cinegen_custom && \
#         cp /app/assets/fonts/*.*tf /usr/local/share/fonts/truetype/cinegen_custom/ 2>/dev/null || true && \
#         fc-cache -fv && \
#         echo "INFO: Copied custom fonts and refreshed font cache (as root)."; \
#     else \
#         echo "INFO: No custom fonts found in /app/assets/fonts to copy system-wide." ; \
#     fi
# USER appuser # Switch back to appuser for runtime

# Documents the Streamlit listening port; publishing it is still up to the
# operator (docker run -p / orchestrator config).
EXPOSE 8501

# Default process, in exec form so Streamlit runs as PID 1 and receives stop
# signals directly. It binds to all interfaces inside the container, so which
# networks can reach port 8501 is decided by how that port is published.
CMD ["streamlit", "run", "app.py", \
     "--server.port=8501", \
     "--server.address=0.0.0.0", \
     "--global.sharingMode=off", \
     "--client.gatherUsageStats=false"]