# Use an official Python runtime as a parent image FROM python:3.11 # Set the working directory to /code WORKDIR /code # Create a non-root user (Recommended for security on Hugging Face) RUN useradd -m -u 1000 user # --- CRITICAL FIX IS HERE --- # Change ownership of the /code directory to the new user. # This ensures the user can write files (like git clone) into this folder. RUN chown user /code # Switch to the non-root user USER user ENV HOME=/home/user \ PATH=/home/user/.local/bin:$PATH # Switch back to root temporarily to install system dependencies USER root RUN apt-get update && apt-get install -y \ git \ && rm -rf /var/lib/apt/lists/* # Switch back to user for the rest of the operations USER user # Copy the start script into the container with correct permissions COPY --chown=user start.sh /code/start.sh RUN chmod +x /code/start.sh # Pre-install API dependencies RUN pip install --no-cache-dir \ fastapi \ "uvicorn[standard]" \ dropbox \ requests \ python-multipart # Define the command to run when the container starts CMD ["/code/start.sh"]