FROM python:3.11.9-slim WORKDIR /app RUN groupadd -r appgroup && useradd -r -m -g appgroup appuser COPY requirements.txt . RUN pip install --no-cache-dir -r requirements.txt COPY . . RUN chown -R appuser:appgroup /app EXPOSE 7860 USER appuser HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:7860/health')" || exit 1 CMD ["python", "app.py"]