| # Use the official lightweight Python image. | |
| FROM python:3.9-slim | |
| # Set the working directory to /app | |
| WORKDIR /app | |
| # Create a non-root user with an explicit UID | |
| RUN adduser -u 1000 --disabled-password --gecos "" appuser && chown -R appuser /app | |
| USER appuser | |
| # CRITICAL FIX: Add the user's local bin directory to PATH so the shell can find 'uvicorn' | |
| ENV PATH="/home/appuser/.local/bin:$PATH" | |
| # Copy the requirements file | |
| COPY --chown=appuser requirements.txt . | |
| # Install the dependencies | |
| # Note: As a non-root user, pip will default to --user install, putting files in ~/.local | |
| RUN pip install --no-cache-dir --upgrade -r requirements.txt | |
| # Copy the rest of the application code | |
| COPY --chown=appuser . . | |
| # Expose the port | |
| EXPOSE 7860 | |
| # Command to run the application | |
| # Using 'python -m uvicorn' is safer than just 'uvicorn' to ensure it uses the installed module | |
| CMD ["python", "-m", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"] |