Update Dockerfile

Dockerfile

@@ -5,7 +5,7 @@ FROM python:3.10-slim
 ENV DEBIAN_FRONTEND=noninteractive
 
 # Install system dependencies
-# - Essential for Pillow/OpenCV: libgl1-mesa-glx, libglib2.0-0
+# - Essential for Pillow image processing: libgl1-mesa-glx, libglib2.0-0
 # - Font handling: fontconfig
 # - Installs Microsoft Core Fonts (including Arial): ttf-mscorefonts-installer
 RUN apt-get update && \
@@ -16,48 +16,57 @@ RUN apt-get update && \
     # Accept the EULA for ttf-mscorefonts-installer non-interactively
     && echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" | debconf-set-selections \
     && apt-get install -y --no-install-recommends ttf-mscorefonts-installer \
+    # Clean up apt caches to reduce image size
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* \
-    # Update font cache to make installed fonts available
+    # Update font cache to make installed fonts available to applications like Pillow
     && fc-cache -f -v
 
-# Set the working directory in the container
+# Set the working directory in the container for subsequent commands
 WORKDIR /app
 
-# Create a non-root user and group for better security
-# Using user ID 1000 as is common in HF Spaces
+# Create a non-root user and group for better security.
+# Using UID/GID 1000 is common for Hugging Face Spaces.
 RUN groupadd -g 1000 appuser && useradd --no-log-init -u 1000 -g appuser appuser
 
-# Create necessary application directories before copying and set ownership
-# Ensures the user 'appuser' can write to generated_images
+# Create necessary application directories within /app.
+# Then, set ownership of the entire /app directory (and its contents)
+# to the 'appuser'. This ensures the application, running as 'appuser',
+# has the necessary permissions, especially for /app/generated_images.
 RUN mkdir -p /app/templates /app/generated_images && \
     chown -R appuser:appuser /app
 
-# Copy the requirements file first for layer caching
-# Ensure ownership is set correctly during copy
+# Copy the requirements file first to leverage Docker layer caching.
+# Ensure 'appuser' owns this copied file.
 COPY --chown=appuser:appuser requirements.txt .
 
-# Install Python dependencies specified in requirements.txt
+# Install Python dependencies specified in requirements.txt.
+# --no-cache-dir reduces image size by not storing the pip cache.
 RUN pip install --no-cache-dir -r requirements.txt
 
-# Copy the rest of the application files into the container
-# Ensure 'app.py', 'arial.ttf', and the 'templates' directory exist in your repo root
+# Copy the rest of the application files into the container's /app directory.
+# Ensure 'appuser' owns these copied files.
 COPY --chown=appuser:appuser app.py .
 
 # ---- IMPORTANT ----
-# The following line requires 'arial.ttf' to be present in the root of your repository
+# The following line requires 'arial.ttf' to be present in the root of your repository.
+# This file will be copied to /app/arial.ttf inside the container.
 COPY --chown=appuser:appuser arial.ttf .
 # ---- IMPORTANT ----
 
-# Copy the entire templates directory
+# Copy the entire 'templates' directory (and its contents) from your repository root
+# to /app/templates inside the container.
+# This requires the 'templates' directory to exist in your repository root.
 COPY --chown=appuser:appuser templates ./templates
 
-# Switch to the non-root user
+# Switch to the non-root user 'appuser' for running the application.
+# Subsequent commands (like CMD) will run as this user.
 USER appuser
 
-# Define environment variable placeholder (Hugging Face Secrets will override this)
-# You MUST set TELEGRAM_TOKEN in your Space's secrets settings.
+# Define an environment variable placeholder for the Telegram token.
+# The actual token MUST be set in your Hugging Face Space's secrets settings.
 ENV TELEGRAM_TOKEN=""
 
-# Command to run the application when the container launches
+# Command to run the application when the container launches.
+# This executes 'python app.py' as the 'appuser'.
 CMD ["python", "app.py"]