| FROM python:3.11-slim | |
| WORKDIR /app | |
| ENV PYTHONDONTWRITEBYTECODE=1 \ | |
| PYTHONUNBUFFERED=1 | |
| # Create user first (before any file operations) | |
| RUN useradd -m -u 1000 user | |
| # Install dependencies as root | |
| COPY requirements.txt . | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| # Copy application code and set ownership in one step | |
| COPY --chown=user:user . . | |
| # Switch to non-root user | |
| USER user | |
| # Set PATH for user | |
| ENV PATH="/home/user/.local/bin:$PATH" | |
| # Expose port 7860 (Hugging Face Spaces default) | |
| EXPOSE 7860 | |
| # Start server | |
| CMD ["uvicorn", "server:app", "--host", "0.0.0.0", "--port", "7860", "--log-level", "info"] | |