| FROM python:3.11-slim | |
| # HuggingFace Spaces requires port 7860 | |
| EXPOSE 7860 | |
| WORKDIR /app | |
| # Install dependencies | |
| COPY requirements.txt . | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| # Copy app files | |
| COPY . . | |
| # HuggingFace runs as non-root user (uid 1000) | |
| # Create writable directory for SQLite DB | |
| RUN mkdir -p /data && chmod 777 /data | |
| # Non-root user | |
| RUN useradd -m -u 1000 appuser && chown -R appuser:appuser /app | |
| USER appuser | |
| CMD ["python", "app.py"] | |