FROM python:3.9-slim

# Create a non-root user
RUN useradd -m -u 1000 user

WORKDIR /app

# Copy requirements first to leverage cache
COPY requirements.txt /app/requirements.txt

# Install dependencies
RUN pip install --no-cache-dir -r requirements.txt

# Copy the rest of the application
COPY --chown=user:user . /app

# Switch to the non-root user
USER user

# Expose the port
EXPOSE 7860

# Run with Gunicorn for production-grade performance
CMD ["gunicorn", "-b", "0.0.0.0:7860", "app:app"]