FROM python:3.9-slim

WORKDIR /app

# Install dependencies first to leverage cache
COPY requirements.txt /app/requirements.txt
RUN pip install --no-cache-dir -r requirements.txt

# Copy application code
COPY . /app

# Create a non-root user and switch to it
RUN useradd -m -u 1000 user

# Set ownership
RUN chown -R user:user /app

USER user
ENV PATH="/home/user/.local/bin:$PATH"

EXPOSE 7860

CMD ["gunicorn", "-b", "0.0.0.0:7860", "app:app"]