| FROM python:3.12 | |
| # Create non-root user | |
| RUN useradd -m -u 1000 user | |
| WORKDIR /code | |
| # Copy requirements first for caching | |
| COPY ./requirements.txt /code/requirements.txt | |
| # Install system dependencies (ffmpeg, etc.) | |
| USER root | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| ffmpeg \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # Fix permissions | |
| RUN chown -R user:user /code | |
| # Switch to non-root user | |
| USER user | |
| # Install Python deps | |
| RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt | |
| # Copy project | |
| COPY --chown=user:user . /code | |
| # Add local bin to PATH | |
| ENV PATH="/home/user/.local/bin:${PATH}" | |
| # Start app | |
| CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"] | |