| FROM python:3.10-slim | |
| # 1) Install system deps (Graphviz provides `dot`) | |
| USER root | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| graphviz \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # 2) Create non-root user | |
| RUN useradd -m -u 1000 user | |
| ENV HOME=/home/user \ | |
| PATH=/home/user/.local/bin:$PATH | |
| WORKDIR $HOME/app | |
| # 3) Copy only requirements first for better caching | |
| COPY requirements.txt $HOME/app/requirements.txt | |
| RUN pip3 install --no-cache-dir -r requirements.txt | |
| # 4) Copy the rest of the app | |
| COPY . $HOME/app | |
| # 5) Fix ownership (no 777 needed) | |
| RUN chown -R user:user $HOME/app | |
| USER user | |
| # Optional: sanity check during build (remove later if you want) | |
| # RUN which dot && dot -V | |
| CMD ["python", "main.py"] |