| # Use a lightweight Python image | |
| FROM python:3.11-slim | |
| # Install system dependencies like ffmpeg and git as the root user | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| ffmpeg \ | |
| git \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # Create a dedicated, non-root user for security. | |
| # Hugging Face and other platforms run containers as a user like this. | |
| RUN useradd -m -u 1000 user | |
| ENV HOME=/home/user | |
| # Set the working directory inside the new user's home directory | |
| WORKDIR $HOME/app | |
| # Copy the requirements file and set its ownership to the new user. | |
| # This helps with Docker's layer caching. | |
| COPY --chown=user:user requirements.txt . | |
| # Switch from the root user to the non-root user | |
| USER user | |
| # Install Python dependencies into the user's home directory | |
| # This avoids any permission issues with system-wide package installation. | |
| RUN pip install --no-cache-dir --user -r requirements.txt | |
| # Add the user's local bin directory to the system's PATH. | |
| # This is crucial so that executables installed by pip (like gunicorn) can be found. | |
| ENV PATH="$HOME/.local/bin:$PATH" | |
| # Copy the rest of the project files, ensuring they are also owned by the user. | |
| # This is what fixes the "Permission denied: 'cookies.txt'" error. | |
| COPY --chown=user:user . . | |
| # Expose the port the app will run on. Hugging Face Spaces typically use 7860. | |
| EXPOSE 7860 | |
| # Start the Flask app using Gunicorn. | |
| # Binding to 0.0.0.0 makes it accessible from outside the container. | |
| CMD ["gunicorn", "--worker-class", "gevent", "--timeout", "3600", "--bind", "0.0.0.0:7860", "app:app"] |