# 1. Start from the base image as before
FROM ghcr.io/parasshah10/grok2api:latest

# 2. Create a non-root user (named 'user' with UID 1000).
#    Then, create the directories the app needs to write to (/app/logs and /app/data).
#    Finally, change the ownership of the entire /app directory to this new user.
RUN useradd -m -u 1000 user && \
    mkdir -p /app/logs /app/data && \
    chown -R 1000:1000 /app

# 3. Switch to the newly created non-root user.
#    All subsequent commands will be run by 'user', who now has write access to /app.
USER user

# 4. Expose the port as before.
EXPOSE 8000

# The CMD is inherited from the base image, so we don't need to specify it again.
# The base image already knows how to start the uvicorn server.