| # 1. Use the official Python slim image | |
| FROM python:3.12-slim | |
| # 2. Set environment variables | |
| ENV PYTHONUNBUFFERED=1 \ | |
| PYTHONDONTWRITEBYTECODE=1 \ | |
| PORT=7860 | |
| WORKDIR /app | |
| # 3. Install ONLY necessary system dependencies | |
| # Removed 'software-properties-common' as it is obsolete in Debian Trixie | |
| RUN apt-get update && apt-get install -y \ | |
| build-essential \ | |
| curl \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # 4. Install Python dependencies | |
| COPY requirements.txt . | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| # 5. Copy application code | |
| COPY . . | |
| # 6. Hugging Face security best practices | |
| RUN useradd -m -u 1000 user | |
| USER user | |
| ENV HOME=/home/user \ | |
| PATH=/home/user/.local/bin:$PATH | |
| WORKDIR $HOME/app | |
| COPY --chown=user . $HOME/app | |
| EXPOSE 7860 | |
| # 7. Run the application | |
| CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "7860"] |