Dockerfile

# Use an official Python runtime as a parent image
FROM python:3.10-slim

# Set environment variables to prevent interactive prompts during apt-get install
ENV DEBIAN_FRONTEND=noninteractive

# Install system dependencies
RUN apt-get update && \
    # Modify sources.list to include contrib and non-free-firmware.
    # This is necessary for packages like ttf-mscorefonts-installer on Debian Bookworm.
    # The sed command appends 'contrib non-free-firmware' to lines that already contain 'main'.
    sed -i 's/main$/main contrib non-free-firmware/g' /etc/apt/sources.list && \
    # It's also good to ensure security updates are prioritized if specific lines exist for them
    # sed -i 's/main$/main contrib non-free-firmware/g' /etc/apt/sources.list.d/debian.sources || true && \
    # Re-run apt-get update to fetch package lists from the newly enabled components
    apt-get update && \
    apt-get install -y --no-install-recommends \
    libgl1-mesa-glx \
    libglib2.0-0 \
    fontconfig \
    # Accept the EULA for ttf-mscorefonts-installer non-interactively
    && echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" | debconf-set-selections \
    && apt-get install -y --no-install-recommends ttf-mscorefonts-installer \
    # Clean up apt caches to reduce image size
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* \
    # Update font cache to make installed fonts available to applications like Pillow
    && fc-cache -f -v

# Set the working directory in the container for subsequent commands
WORKDIR /app

# Create a non-root user and group for better security.
# Using UID/GID 1000 is common for Hugging Face Spaces.
RUN groupadd -g 1000 appuser && useradd --no-log-init -u 1000 -g appuser appuser

# Create necessary application directories within /app.
# Then, set ownership of the entire /app directory (and its contents)
# to the 'appuser'. This ensures the application, running as 'appuser',
# has the necessary permissions, especially for /app/generated_images.
RUN mkdir -p ./app/templates ./app/generated_images && \
    chown -R appuser:appuser ./app

# Copy the requirements file first to leverage Docker layer caching.
# Ensure 'appuser' owns this copied file.
COPY --chown=appuser:appuser requirements.txt .

# Install Python dependencies specified in requirements.txt.
# --no-cache-dir reduces image size by not storing the pip cache.
RUN pip install --no-cache-dir -r requirements.txt

# Copy the rest of the application files into the container's /app directory.
# Ensure 'appuser' owns these copied files.
COPY --chown=appuser:appuser app.py .

# The line to copy 'arial.ttf' was previously REMOVED.
# We are relying on the system-installed Arial from 'ttf-mscorefonts-installer'.

# Copy the entire 'templates' directory (and its contents) from your repository root
# to /app/templates inside the container.
# This requires the 'templates' directory to exist in your repository root.
COPY --chown=appuser:appuser templates ./templates

# Switch to the non-root user 'appuser' for running the application.
# Subsequent commands (like CMD) will run as this user.
USER appuser

# Define an environment variable placeholder for the Telegram token.
# The actual token MUST be set in your Hugging Face Space's secrets settings.
ENV TELEGRAM_TOKEN="7229558358:AAH_btIdtnJvfGhh84O2uVa8wuH88ShUcy0"

# Command to run the application when the container launches.
# This executes 'python app.py' as the 'appuser'.
CMD ["python", "app.py"]