Dockerfile

FROM python:3.10-slim

WORKDIR /app

# Create non-root user
RUN useradd -m -u 1000 user

# Install system dependencies
RUN apt-get update && apt-get install -y \
    wget \
    gnupg \
    curl \
    libnss3 \
    libnspr4 \
    libatk1.0-0 \
    libatk-bridge2.0-0 \
    libcups2 \
    libdrm2 \
    libdbus-1-3 \
    libxkbcommon0 \
    libx11-6 \
    libxcomposite1 \
    libxdamage1 \
    libxext6 \
    libxfixes3 \
    libxrandr2 \
    libgbm1 \
    libpango-1.0-0 \
    libcairo2 \
    libasound2 \
    libatspi2.0-0 \
    && pip install --upgrade pip \
    && pip install poetry

# Copy poetry configuration
COPY pyproject.toml poetry.lock ./

# Install Python dependencies using Poetry
RUN poetry config virtualenvs.create false \
    && poetry install --no-interaction --no-ansi --no-root

# Create directories and set permissions
RUN mkdir -p static templates screenshots /home/user/.cache && \
    chown -R user:user /app /home/user/.cache

# Set HOME for the browser
ENV HOME=/home/user \
    PYTHONPATH=/app

# Install additional Chrome dependencies
RUN apt-get update && apt-get install -y \
    fonts-noto-color-emoji \
    fonts-freefont-ttf \
    libharfbuzz-icu0 \
    # Chrome dependencies 
    libglib2.0-0 \
    unzip \
    xvfb

# Install Chrome - required for Helium
RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
    && echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list \
    && apt-get update \
    && apt-get install -y google-chrome-stable \
    && rm -rf /var/lib/apt/lists/*

# Copy application code
COPY app /app/app
COPY templates /app/templates
COPY static /app/static

# Make sure all files are owned by user
RUN chown -R user:user /app

# Environment variables
ENV PORT=7860 \
    HOST=0.0.0.0

# Switch to non-root user for running the app
USER user

# Expose the port
EXPOSE 7860

# Start command
CMD ["uvicorn", "app.server:app", "--host", "0.0.0.0", "--port", "7860"]