| # 1. Base Image | |
| FROM python:3.11-slim | |
| # 2. System Setup (Minimal build dependencies) | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| build-essential \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # 3. Create Non-Root User (Security Best Practice) | |
| RUN useradd -m -u 1000 user | |
| # 4. Set Workspace | |
| WORKDIR /app | |
| # 5. Install Dependencies | |
| COPY requirements.txt . | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| # 6. Copy Code & Enforce Ownership | |
| # We use --chown to ensure files belong to the user | |
| COPY --chown=user . . | |
| # 7. CRITICAL FIX: Ensure the user owns the directory (for .sesskey creation) | |
| RUN chown -R user:user /app | |
| # 8. Switch to User & Set Path | |
| USER user | |
| ENV PATH="/home/user/.local/bin:$PATH" | |
| ENV PYTHONPATH=/app | |
| # 9. Run Entry Point | |
| CMD ["python", "run.py"] | |