FROM python:3.9-slim

WORKDIR /app

# Create a non-root user first
RUN useradd -m -u 1000 user

# Copy files with correct ownership
COPY --chown=user . /app

# Install dependencies
RUN pip install --no-cache-dir flask gunicorn

# Switch to non-root user
USER user

ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH

CMD ["gunicorn", "-b", "0.0.0.0:7860", "app:app"]