chore: update Dockerfile pins, add .dockerignore, README, and update_pins.py

Dockerfile.bak

@@ -0,0 +1,142 @@
+# ===============================
+# BackgroundFX Pro — Dockerfile
+# Hugging Face Spaces Pro (GPU)
+# ===============================
+
+# CUDA base image (T4-friendly). Build stage has NO GPU access.
+FROM nvidia/cuda:12.3.2-cudnn9-devel-ubuntu22.04
+
+# --- Build args (override in Space Settings → Build args) ---
+# Pin external repos for reproducible builds
+ARG SAM2_SHA=__PIN_ME__
+ARG MATANYONE_SHA=__PIN_ME__
+
+# Weights to pre-warm (public models only)
+ARG SAM2_MODEL_ID=facebook/sam2
+ARG SAM2_VARIANT=sam2_hiera_large    # sam2_hiera_small | sam2_hiera_base | sam2_hiera_large
+ARG MATANY_REPO_ID=PeiqingYang/MatAnyone
+ARG MATANY_FILENAME=matanyone_v1.0.pth
+
+# Optional: repo URLs (used for tarball fetch)
+ARG SAM2_REPO=https://github.com/facebookresearch/segment-anything-2
+ARG MATANYONE_REPO=https://github.com/pq-yang/MatAnyone
+
+# --- Global env hygiene ---
+ENV DEBIAN_FRONTEND=noninteractive \
+    PIP_NO_CACHE_DIR=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1
+
+# --- Create non-root user (uid 1000 required by HF) ---
+RUN useradd -m -u 1000 user
+ENV HOME=/home/user
+WORKDIR ${HOME}/app
+
+# --- System packages (incl. Python) ---
+# NOTE: the base CUDA image has no Python/pip. Install them here.
+USER root
+RUN apt-get update && apt-get install -y --no-install-recommends \
+      python3 python3-pip python3-venv python3-dev python-is-python3 \
+      build-essential \
+      git git-lfs ca-certificates curl \
+      ffmpeg libgl1-mesa-glx libglib2.0-0 libsm6 libxext6 libxrender-dev libgomp1 \
+  && git lfs install \
+  && rm -rf /var/lib/apt/lists/*
+USER user
+ENV PATH=${HOME}/.local/bin:$PATH
+
+# --- Python & CUDA wheels (Torch cu121) ---
+RUN python3 -m pip install --upgrade pip setuptools wheel
+# Use explicit cu121 index to match CUDA 12.x runtime
+RUN python3 -m pip install --index-url https://download.pytorch.org/whl/cu121 \
+    torch==2.3.1+cu121 torchvision==0.18.1+cu121 torchaudio==2.3.1+cu121
+
+# Minimal deps needed BEFORE pre-warm (download weights at build time)
+RUN python3 -m pip install huggingface_hub==0.24.6
+
+# --- Fetch external repos (SAM2 & MatAnyone) via tarballs (robust, no git needed) ---
+RUN set -eux; \
+    mkdir -p third_party && cd third_party; \
+    if [ "${SAM2_SHA}" != "__PIN_ME__" ]; then \
+        echo "Fetching SAM2 commit ${SAM2_SHA} as archive"; \
+        curl -L "${SAM2_REPO}/archive/${SAM2_SHA}.tar.gz" -o sam2.tar.gz; \
+    else \
+        echo "Fetching SAM2 default branch as archive"; \
+        curl -L "${SAM2_REPO}/archive/refs/heads/main.tar.gz" -o sam2.tar.gz || \
+        curl -L "${SAM2_REPO}/archive/refs/heads/master.tar.gz" -o sam2.tar.gz; \
+    fi; \
+    tar -xzf sam2.tar.gz; rm sam2.tar.gz; \
+    mv segment-anything-2-* sam2
+
+RUN set -eux; \
+    cd third_party; \
+    if [ "${MATANYONE_SHA}" != "__PIN_ME__" ]; then \
+        echo "Fetching MatAnyone commit ${MATANYONE_SHA} as archive"; \
+        curl -L "${MATANYONE_REPO}/archive/${MATANYONE_SHA}.tar.gz" -o matany.tar.gz; \
+    else \
+        echo "Fetching MatAnyone default branch as archive"; \
+        curl -L "${MATANYONE_REPO}/archive/refs/heads/main.tar.gz" -o matany.tar.gz || \
+        curl -L "${MATANYONE_REPO}/archive/refs/heads/master.tar.gz" -o matany.tar.gz; \
+    fi; \
+    tar -xzf matany.tar.gz; rm matany.tar.gz; \
+    mv MatAnyone-* matanyone
+
+# --- Pre-warm model weights into image cache (public models only) ---
+# NOTE: Build time has no access to private tokens on Spaces for gated models.
+ENV HF_HOME_BUILD=${HOME}/.cache/huggingface
+RUN python3 - <<'PY'
+import os
+from pathlib import Path
+from huggingface_hub import hf_hub_download
+
+SAM2_MODEL_ID   = os.environ.get("SAM2_MODEL_ID", "facebook/sam2")
+SAM2_VARIANT    = os.environ.get("SAM2_VARIANT", "sam2_hiera_large")
+MATANY_REPO_ID  = os.environ.get("MATANY_REPO_ID", "PeiqingYang/MatAnyone")
+MATANY_FILENAME = os.environ.get("MATANY_FILENAME", "matanyone_v1.0.pth")
+
+VARIANT_FILES = {
+    "sam2_hiera_small": "sam2_hiera_small.pt",
+    "sam2_hiera_base":  "sam2_hiera_base.pt",
+    "sam2_hiera_large": "sam2_hiera_large.pt",
+}
+ckpt_name = VARIANT_FILES.get(SAM2_VARIANT, VARIANT_FILES["sam2_hiera_large"])
+
+cache_dir = os.environ.get("HF_HOME_BUILD", str(Path.home() / ".cache" / "huggingface"))
+Path(cache_dir).mkdir(parents=True, exist_ok=True)
+
+print(f"[PREWARM] SAM2: repo={SAM2_MODEL_ID}, file={ckpt_name}")
+p1 = hf_hub_download(repo_id=SAM2_MODEL_ID, filename=ckpt_name, local_dir=cache_dir)
+print(f"[PREWARM] -> {p1}")
+
+print(f"[PREWARM] MatAnyone: repo={MATANY_REPO_ID}, file={MATANY_FILENAME}")
+p2 = hf_hub_download(repo_id=MATANY_REPO_ID, filename=MATANY_FILENAME, local_dir=cache_dir)
+print(f"[PREWARM] -> {p2}")
+
+print("[PREWARM] Done.")
+PY
+
+# --- App Python deps ---
+COPY --chown=user requirements.txt ./requirements.txt
+RUN python3 -m pip install -r requirements.txt
+
+# --- App code ---
+COPY --chown=user . ${HOME}/app
+
+# --- Runtime environment ---
+# Caches in /data persist across Space restarts
+ENV OMP_NUM_THREADS=2 \
+    TOKENIZERS_PARALLELISM=false \
+    HF_HOME=/data/.cache/huggingface \
+    TORCH_HOME=/data/.cache/torch \
+    MPLCONFIGDIR=/data/.cache/matplotlib \
+    PYTORCH_CUDA_ALLOC_CONF=max_split_size_mb:128 \
+    PYTHONPATH="$PYTHONPATH:${HOME}/app/third_party/sam2:${HOME}/app/third_party/matanyone" \
+    PORT=7860 \
+    SAM2_MODEL_ID=${SAM2_MODEL_ID} \
+    SAM2_VARIANT=${SAM2_VARIANT} \
+    MATANY_REPO_ID=${MATANY_REPO_ID} \
+    MATANY_FILENAME=${MATANY_FILENAME}
+
+# --- Networking / Entrypoint ---
+EXPOSE 7860
+CMD ["python3", "app.py"]

update_pins.py

@@ -0,0 +1,197 @@
+#!/usr/bin/env python3
+"""
+update_pins.py
+- Fetch newest SHAs (release tag or default branch) for SAM2 + MatAnyone
+- Update ARG lines in Dockerfile: SAM2_SHA / MATANYONE_SHA
+- Supports dry-run and manual pins
+- Uses GitHub API; set GITHUB_TOKEN to avoid rate limits (optional)
+"""
+
+import os
+import re
+import sys
+import json
+import argparse
+from urllib.parse import urlparse
+import requests
+from datetime import datetime, timezone
+from shutil import copyfile
+
+DOCKERFILE_PATH = "Dockerfile"
+
+# Default repos (must match your Dockerfile ARGs)
+SAM2_REPO_URL = "https://github.com/facebookresearch/segment-anything-2"
+MATANY_REPO_URL = "https://github.com/pq-yang/MatAnyone"
+
+SESSION = requests.Session()
+if os.getenv("GITHUB_TOKEN"):
+    SESSION.headers.update({"Authorization": f"Bearer {os.environ['GITHUB_TOKEN']}"})
+SESSION.headers.update({
+    "Accept": "application/vnd.github+json",
+    "User-Agent": "update-pins-script"
+})
+
+def gh_owner_repo(repo_url: str):
+    p = urlparse(repo_url)
+    parts = p.path.strip("/").split("/")
+    if len(parts) < 2:
+        raise ValueError(f"Invalid repo URL: {repo_url}")
+    return parts[0], parts[1]
+
+def gh_api(path: str):
+    url = f"https://api.github.com{path}"
+    r = SESSION.get(url, timeout=30)
+    if r.status_code >= 400:
+        raise RuntimeError(f"GitHub API error {r.status_code}: {r.text}")
+    return r.json()
+
+def get_latest_release_sha(repo_url: str) -> tuple[str, str]:
+    """Return (ref_desc, commit_sha) using latest release tag."""
+    owner, repo = gh_owner_repo(repo_url)
+    try:
+        rel = gh_api(f"/repos/{owner}/{repo}/releases/latest")
+        tag = rel["tag_name"]
+        # Resolve tag to commit
+        ref = gh_api(f"/repos/{owner}/{repo}/git/ref/tags/{tag}")
+        obj = ref["object"]
+        if obj["type"] == "tag":
+            tag_obj = gh_api(f"/repos/{owner}/{repo}/git/tags/{obj['sha']}")
+            sha = tag_obj["object"]["sha"]
+        else:
+            sha = obj["sha"]
+        return (f"release:{tag}", sha)
+    except Exception as e:
+        raise RuntimeError(f"Could not get latest release for {repo}: {e}")
+
+def get_latest_default_branch_sha(repo_url: str) -> tuple[str, str]:
+    """Return (ref_desc, commit_sha) using the default branch head."""
+    owner, repo = gh_owner_repo(repo_url)
+    info = gh_api(f"/repos/{owner}/{repo}")
+    default_branch = info["default_branch"]
+    branch = gh_api(f"/repos/{owner}/{repo}/branches/{default_branch}")
+    sha = branch["commit"]["sha"]
+    return (f"branch:{default_branch}", sha)
+
+def get_sha_for_ref(repo_url: str, ref: str) -> tuple[str, str]:
+    """
+    Resolve any Git ref (branch name, tag name, or commit SHA) to a commit SHA.
+    """
+    owner, repo = gh_owner_repo(repo_url)
+    # If it's already a full SHA, just return it
+    if re.fullmatch(r"[0-9a-f]{40}", ref):
+        return (f"commit:{ref[:7]}", ref)
+    # Try branches/<ref>, then tags/<ref>, then commits/<ref>
+    for kind, path in [
+        ("branch", f"/repos/{owner}/{repo}/branches/{ref}"),
+        ("tag",    f"/repos/{owner}/{repo}/git/ref/tags/{ref}"),
+        ("commit", f"/repos/{owner}/{repo}/commits/{ref}")
+    ]:
+        try:
+            data = gh_api(path)
+            if kind == "branch":
+                return (f"branch:{ref}", data["commit"]["sha"])
+            if kind == "tag":
+                obj = data["object"]
+                if obj["type"] == "tag":
+                    tag_obj = gh_api(f"/repos/{owner}/{repo}/git/tags/{obj['sha']}")
+                    return (f"tag:{ref}", tag_obj["object"]["sha"])
+                else:
+                    return (f"tag:{ref}", obj["sha"])
+            if kind == "commit":
+                return (f"commit:{ref[:7]}", data["sha"])
+        except Exception:
+            continue
+    raise RuntimeError(f"Could not resolve ref '{ref}' for {repo}")
+
+def update_dockerfile_arg(dockerfile_text: str, arg_name: str, new_value: str) -> str:
+    """
+    Replace a line like:
+        ARG SAM2_SHA=...
+    with:
+        ARG SAM2_SHA=<new_value>
+    """
+    pattern = rf"^(ARG\s+{re.escape(arg_name)}=).*$"
+
+    # Use a callable replacement to avoid backreference ambiguity (e.g., \12)
+    def repl(m: re.Match) -> str:
+        return m.group(1) + new_value
+
+    new_text, n = re.subn(pattern, repl, dockerfile_text, flags=re.MULTILINE)
+    if n == 0:
+        raise RuntimeError(f"ARG {arg_name}=… line not found in Dockerfile.")
+    return new_text
+
+def main():
+    ap = argparse.ArgumentParser(description="Update pinned SHAs in Dockerfile.")
+    ap.add_argument("--mode", choices=["release", "default-branch"], default="release",
+                    help="Where to pull pins from (latest GitHub release tag or default branch head).")
+    ap.add_argument("--sam2-ref", help="Explicit ref for SAM2 (tag/branch/sha). Overrides --mode.")
+    ap.add_argument("--matany-ref", help="Explicit ref for MatAnyone (tag/branch/sha). Overrides --mode.")
+    ap.add_argument("--dockerfile", default=DOCKERFILE_PATH, help="Path to Dockerfile.")
+    ap.add_argument("--dry-run", action="store_true", help="Show changes but do not write file.")
+    ap.add_argument("--json", action="store_true", help="Print resulting pins as JSON.")
+    ap.add_argument("--no-backup", action="store_true", help="Do not create a Dockerfile.bak backup.")
+    args = ap.parse_args()
+
+    # Resolve SHAs
+    if args.sam2_ref:
+        sam2_refdesc, sam2_sha = get_sha_for_ref(SAM2_REPO_URL, args.sam2_ref)
+    else:
+        sam2_refdesc, sam2_sha = (
+            get_latest_release_sha(SAM2_REPO_URL) if args.mode == "release"
+            else get_latest_default_branch_sha(SAM2_REPO_URL)
+        )
+
+    if args.matany_ref:
+        mat_refdesc, mat_sha = get_sha_for_ref(MATANY_REPO_URL, args.matany_ref)
+    else:
+        mat_refdesc, mat_sha = (
+            get_latest_release_sha(MATANY_REPO_URL) if args.mode == "release"
+            else get_latest_default_branch_sha(MATANY_REPO_URL)
+        )
+
+    result = {
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+        "mode": args.mode,
+        "SAM2": {"repo": SAM2_REPO_URL, "ref": sam2_refdesc, "sha": sam2_sha},
+        "MatAnyone": {"repo": MATANY_REPO_URL, "ref": mat_refdesc, "sha": mat_sha},
+    }
+
+    # Show pins
+    if args.json:
+        print(json.dumps(result, indent=2))
+    else:
+        print(f"[Pins] SAM2 -> {sam2_refdesc} -> {sam2_sha}")
+        print(f"[Pins] MatAnyone -> {mat_refdesc} -> {mat_sha}")
+
+    # Read Dockerfile
+    if not os.path.isfile(args.dockerfile):
+        raise FileNotFoundError(f"Dockerfile not found at: {args.dockerfile}")
+    with open(args.dockerfile, "r", encoding="utf-8") as f:
+        text = f.read()
+
+    # Update lines
+    text = update_dockerfile_arg(text, "SAM2_SHA", sam2_sha)
+    text = update_dockerfile_arg(text, "MATANYONE_SHA", mat_sha)
+
+    if args.dry_run:
+        print("\n--- Dockerfile (preview) ---\n")
+        print(text)
+        return
+
+    # Backup
+    if not args.no_backup:
+        copyfile(args.dockerfile, args.dockerfile + ".bak")
+
+    # Write
+    with open(args.dockerfile, "w", encoding="utf-8") as f:
+        f.write(text)
+
+    print(f"\n✅ Updated {args.dockerfile} with new pins.")
+
+if __name__ == "__main__":
+    try:
+        main()
+    except Exception as e:
+        print(f"\n❌ Error: {e}", file=sys.stderr)
+        sys.exit(1)