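# Use the base Python image.
# NOTE(review): the 3.9 tag is mutable; pinning it by digest
# (python:3.9@sha256:<digest>) makes rebuilds reproducible.
FROM python:3.9

# Set up a new user named "user" with user ID 1000.
# This creates a new user within the Docker container with user ID 1000
# (overrides permissions for Hugging Face Docker).
RUN useradd -m -u 1000 user

# Install system dependencies while still root, so no USER root round-trip is
# needed later. Running this before pip also means the portaudio headers are
# already present if a package in requirements.txt has to compile against them.
# --no-install-recommends keeps optional packages out of the image, and the apt
# lists are removed in the same layer so they do not add to the image size.
# NOTE(review): python3-pyaudio is packaged for the distribution's own Python;
# confirm the interpreter from this base image actually picks it up, otherwise
# list PyAudio in requirements.txt instead.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ffmpeg \
        portaudio19-dev \
        python3-pyaudio \
    && rm -rf /var/lib/apt/lists/*

# Switch to the newly created user to run subsequent commands, so neither the
# build steps below nor the application run as root.
USER user

# Set environment variables for the user's home directory and executable path.
# ~/.local/bin is where pip places console scripts for a per-user install.
ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH

# Set the working directory to /home/user/app.
WORKDIR $HOME/app

# Install Python dependencies first to avoid reinstalling on code changes.
# Copy the requirements.txt file into the container and install dependencies.
# NOTE(review): pymongo is installed unpinned and outside requirements.txt;
# pinning it there would make the dependency set reproducible and auditable.
COPY ./requirements.txt $HOME/app/requirements.txt
RUN pip install --no-cache-dir --upgrade -r requirements.txt \
    && pip install --no-cache-dir --upgrade pymongo

# Secrets: OPENAI_API_KEY, PINECONE_API_KEY and MONGO_URI are NOT written into
# the image. Echoing a build secret into a file such as $HOME/app/.env stores
# the value in an image layer, where anyone who can pull or inspect the image
# can read it, which defeats the purpose of --mount=type=secret. Sourcing that
# file from ~/.bashrc would not help either: the exec-form CMD below starts
# python directly, without a shell, so ~/.bashrc is never read.
# Provide the three values to the running container as environment variables
# (Hugging Face Spaces secrets, or `docker run -e NAME` / `--env-file` locally).
# NOTE(review): confirm app.py reads these from the process environment.
# Keys that were ever baked into a pushed image should be rotated.

# Copy the rest of the application into the container.
# This includes your Python scripts, models, and any other necessary files.
# NOTE(review): this copies the whole build context; keep a .dockerignore that
# excludes .env, .git and other local-only files so credentials on the build
# machine do not end up in the image.
COPY --chown=user . $HOME/app

# Specify the command to run when the container starts.
# Here, it runs the "app.py" script using the Python interpreter.
CMD ["python", "app.py"]

# ------------------------------------------------------------------------------
# Overview
# This Dockerfile is used to build a Docker image for a Python application.
# It starts with the official Python 3.9 image as a base.
# It then sets up a new user, installs the system packages as root, switches to
# that user for security reasons, and defines environment variables.
# The working directory is set to "/home/user/app," where Python dependencies
# are installed from the "requirements.txt" file.
# API keys and the database URI are expected as runtime environment variables
# and are never stored in an image layer.
# The entire application is copied into the container.
# Finally, the CMD directive specifies that the "app.py" script should run when
# the container starts.
# Architecture:
# In the context of Hugging Face Docker Spaces, this Docker image encapsulates
# your Python application, ensuring that it runs consistently across different
# environments (Linux, macOS, Windows, etc).
# Docker containers provide a lightweight and isolated environment for
# applications, enhancing portability and reproducibility.
# The use of a non-root user and defined environment variables contributes to
# security best practices.
# The "CMD" instruction specifies the default behavior of the container.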