Update Dockerfile

Author: danielckv

Dockerfile

@@ -1,61 +1,55 @@
-# Base image with CUDA 12.6 and Ubuntu 24.04
-FROM nvidia/cuda:12.6.0-devel-ubuntu24.04
-
-# Set environment variables
-ENV DEBIAN_FRONTEND=noninteractive
-ENV PYTHONUNBUFFERED=1
-ENV PYTHONDONTWRITEBYTECODE=1
-# Fix for Ubuntu 24.04 PEP 668 (allows global pip install)
-ENV PIP_BREAK_SYSTEM_PACKAGES=1 
-ENV TORCH_CUDA_ARCH_LIST="8.0;8.6;8.9;9.0"
-
-# Set the working directory
-WORKDIR /workspace
-
-# 1. Install System Dependencies
-# CHANGED: 'libgl1-mesa-glx' -> 'libgl1' (Fixes exit code 100)
+# 1. PLATFORM PINNING: Essential for CUDA wheels.
+# PyTorch with CUDA does not have wheels for ARM64 (Apple Silicon).
+# We force linux/amd64 so Docker pulls the compatible x86 binary.
+FROM --platform=linux/amd64 python:3.11-slim
+
+# 2. ENVIRONMENT VARIABLES
+# Keeps Python from buffering stdout/stderr (logs appear immediately)
+# and prevents python from writing .pyc files.
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PIP_NO_CACHE_DIR=1
+
+WORKDIR /app
+
+# 3. SYSTEM DEPENDENCIES
+# Install basic build tools and libraries often required by vision/audio packages
 RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
     git \
-    wget \
-    curl \
-    vim \
-    ffmpeg \
     libgl1 \
     libglib2.0-0 \
-    python3-pip \
-    python3-dev \
-    python3-venv \
-    && apt-get clean && rm -rf /var/lib/apt/lists/*
-
-# 2. Setup Python 3.12 as default
-RUN ln -s /usr/bin/python3 /usr/bin/python
-
-# 3. Install PyTorch 2.7.0 with PINNED dependencies
-# Pinning versions ensures compatibility with PyTorch 2.7
-RUN pip install --no-cache-dir --upgrade pip setuptools wheel && \
-    pip install --no-cache-dir \
+    && rm -rf /var/lib/apt/lists/*
+
+# 4. INSTALL PYTORCH (Heavy Layer)
+# We do this BEFORE copying requirements.txt or app code.
+# This ensures Docker caches this heavy layer (2GB+) and doesn't re-download
+# it unless you specifically change the Torch version.
+RUN pip install --upgrade pip setuptools wheel && \
+    pip install \
     torch==2.7.0 \
     torchvision==0.22.0 \
     torchaudio==2.7.0 \
     --index-url https://download.pytorch.org/whl/cu126
 
-# 4. Clone and Install SAM3
-RUN git clone https://github.com/facebookresearch/sam3.git && \
-    cd sam3 && \
-    pip install -e . && \
-    pip install -e ".[notebooks,dev,train]"
+# 5. INSTALL OTHER REQUIREMENTS
+COPY requirements.txt .
+RUN pip install -r requirements.txt
 
-# 5. Install JupyterLab
-RUN pip install jupyterlab
+# 6. SECURITY: CREATE NON-ROOT USER
+# Running as root is a security risk. Create a user 'appuser'.
+RUN addgroup --system --gid 1001 appgroup && \
+    adduser --system --uid 1001 --gid 1001 appuser
 
-# 6. Setup Entrypoint for Hugging Face Login
-RUN echo '#!/bin/bash\n\
-echo "----------------------------------------------------------------"\n\
-echo "SAM3 Environment Ready."\n\
-echo "Run: huggingface-cli login"\n\
-echo "----------------------------------------------------------------"\n\
-exec "$@"' > /usr/local/bin/entrypoint.sh && chmod +x /usr/local/bin/entrypoint.sh
+# 7. COPY APP CODE
+COPY . .
 
-ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+# Change ownership of the app directory to the non-root user
+RUN chown -R appuser:appgroup /app
 
-CMD ["jupyter", "lab", "--ip=0.0.0.0", "--port=8888", "--allow-root", "--no-browser"]
+# Switch to non-root user
+USER appuser
+
+# 8. ENTRYPOINT
+# Update 'main.py' to your actual entry script
+CMD ["python", "main.py"]