FROM python:3.9-slim

# Create a non-root user for security
RUN useradd -m -u 1000 user
USER user

# Add pip user installs to PATH
ENV PATH="/home/user/.local/bin:$PATH"

# Set working directory
WORKDIR /app

# Copy and install dependencies
COPY --chown=user requirements.txt .
RUN pip install --no-cache-dir --upgrade -r requirements.txt

# Copy rest of the code
COPY --chown=user . /app

# Expose port (optional, but good practice)
EXPOSE 7860

# Start Gunicorn server
CMD ["gunicorn", "-b", "0.0.0.0:7860", "app:app"]