| FROM python:3.10-slim | |
| # Create a non-root user for safer execution | |
| RUN useradd -m -u 1000 user | |
| USER user | |
| ENV PATH="/home/user/.local/bin:$PATH" | |
| WORKDIR /app | |
| # Make cache + static directories and ensure permissions | |
| RUN mkdir -p /app/cache /app/static | |
| # Set HF cache env vars so diffusers/transformers don't try to write to /.cache | |
| ENV HF_HOME=/app/cache | |
| ENV TRANSFORMERS_CACHE=/app/cache | |
| # Copy requirements & install | |
| COPY --chown=user requirements.txt requirements.txt | |
| RUN python -m pip install --no-cache-dir --upgrade pip | |
| RUN python -m pip install --no-cache-dir -r requirements.txt | |
| # Copy app | |
| COPY --chown=user . /app | |
| # Expose port (Spaces uses 7860 default) | |
| CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"] |