2024-11-02 06:04:33 +00:00
|
|
|
# Use a slim base image to reduce potential vulnerabilities
|
|
|
|
|
FROM python:3.10-slim-bookworm
|
2024-10-30 17:42:30 +07:00
|
|
|
|
2024-11-02 06:08:05 +00:00
|
|
|
# Create a non-root user and group
|
|
|
|
|
RUN groupadd -r appuser && useradd --no-log-init -r -g appuser appuser
|
|
|
|
|
|
2024-10-30 17:42:30 +07:00
|
|
|
# Set the working directory
|
|
|
|
|
WORKDIR /usr/src/app
|
|
|
|
|
|
|
|
|
|
# Copy the requirements file and install the dependencies
|
2024-11-02 06:08:05 +00:00
|
|
|
COPY --chown=appuser:appuser requirements.txt .
|
2024-10-30 17:42:30 +07:00
|
|
|
|
2024-11-02 06:04:33 +00:00
|
|
|
# Install uv and the dependencies without caching to reduce image size
|
|
|
|
|
RUN pip install --no-cache-dir uv==0.4.28 && \
|
|
|
|
|
pip install --no-cache-dir -r requirements.txt
|
2024-10-30 17:42:30 +07:00
|
|
|
|
2024-11-02 06:08:05 +00:00
|
|
|
# Copy the application code with appropriate ownership
|
|
|
|
|
COPY --chown=appuser:appuser . .
|
2024-11-02 06:04:33 +00:00
|
|
|
|
2024-11-02 06:08:05 +00:00
|
|
|
# Change permissions of the application directory
|
2024-11-02 06:25:54 +00:00
|
|
|
RUN chmod -R u+rwX,go-rwx /usr/src/app
|
2024-11-02 06:04:33 +00:00
|
|
|
|
|
|
|
|
# Switch to the non-root user
|
|
|
|
|
USER appuser
|
|
|
|
|
|
|
|
|
|
# Expose the application port
|
2024-10-30 17:42:30 +07:00
|
|
|
EXPOSE 7860
|
2024-11-02 06:04:33 +00:00
|
|
|
|
|
|
|
|
# Set environment variables
|
2024-10-30 17:42:30 +07:00
|
|
|
ENV GRADIO_SERVER_NAME="0.0.0.0"
|
|
|
|
|
|
|
|
|
|
# Run the application
|
2024-11-02 06:04:33 +00:00
|
|
|
CMD ["python", "app.py"]
|
