Spaces:
Sleeping
Sleeping
| # syntax=docker/dockerfile:1.7 | |
| ######################## | |
| # Stage 1 β Fetch source | |
| ######################## | |
| FROM python:3.11-slim AS fetcher | |
| ARG GIT_REPO=https://github.com/zBotta/reportingAgent.git | |
| # TODO: after tests change GIT_REF to main | |
| ARG GIT_REF=main # branch or tag (for a specific commit, see notes below) | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| git ca-certificates && \ | |
| rm -rf /var/lib/apt/lists/* | |
| WORKDIR /src | |
| # Fail early if repo arg not provided | |
| RUN test -n "$GIT_REPO" || (echo "ERROR: GIT_REPO build-arg is required" && false) | |
| # Pull only the specified ref (branch/tag) shallowly | |
| RUN git clone --depth 1 --branch "${GIT_REF}" "${GIT_REPO}" /src | |
| ######################## | |
| # Stage 2 β Runtime | |
| ######################## | |
| # Use a small Python base | |
| FROM python:3.11-slim | |
| # Environment | |
| ENV PYTHONDONTWRITEBYTECODE=1 \ | |
| PYTHONUNBUFFERED=1 \ | |
| PIP_NO_CACHE_DIR=1 \ | |
| STREAMLIT_SERVER_HEADLESS=true \ | |
| STREAMLIT_SERVER_PORT=8501 \ | |
| STREAMLIT_BROWSER_GATHER_USAGE_STATS=false \ | |
| HF_HOME=/home/appuser/.cache/huggingface | |
| # Optional: git can help resolve some Hugging Face repos | |
| RUN apt-get update && apt-get install -y --no-install-recommends git \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # Create non-root user and working dir | |
| RUN useradd -m appuser | |
| WORKDIR /reportAgent | |
| # Install Python deps first for better layer caching | |
| COPY --from=fetcher src/requirements.txt /reportAgent/requirements.txt | |
| RUN pip install -r requirements.txt | |
| COPY --from=fetcher src/projectSetup.py /reportAgent/projectSetup.py | |
| COPY --from=fetcher src/entry_point.sh /reportAgent/entry_point.sh | |
| # Copy your app code (root/app -> /app) | |
| COPY --from=fetcher src/app/ /reportAgent/app/ | |
| # Create & own runtime dirs the app/entrypoint will use | |
| RUN mkdir -p /home/appuser/.cache/huggingface /reportAgent/app/logs \ | |
| && chown -R appuser:appuser /home/appuser /reportAgent/app/logs/ | |
| RUN chmod +x /reportAgent/entry_point.sh && chown -R appuser:appuser /reportAgent /reportAgent/entry_point.sh /home/appuser | |
| RUN chown -R appuser:appuser /reportAgent/ /home/appuser | |
| # Give rights to the app user in tmp dir (for downloading HF models) | |
| ENV HF_HOME=/home/appuser/.cache/huggingface \ | |
| HUGGINGFACE_HUB_CACHE=/home/appuser/.cache/huggingface/hub \ | |
| TRANSFORMERS_CACHE=/home/appuser/.cache/huggingface/transformers \ | |
| PYTORCH_HUB_DIR=/home/appuser/.cache/torch \ | |
| TMPDIR=/home/appuser/tmp | |
| RUN mkdir -p "$HF_HOME" "$HUGGINGFACE_HUB_CACHE" "$TRANSFORMERS_CACHE" "$PYTORCH_HUB_DIR" "$TMPDIR" \ | |
| && chown -R appuser:appuser /home/appuser \ | |
| && chmod 700 "$TMPDIR" \ | |
| && chmod 1777 /tmp # belt & suspenders: ensure /tmp is world-writable with sticky bit | |
| # Drop root | |
| USER appuser | |
| EXPOSE 8501 | |
| HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health | |
| ENTRYPOINT ["/reportAgent/entry_point.sh"] |