Spaces:
Sleeping
Sleeping
| # Dockerfile β SecureCodeEnv V2 | |
| # python:3.11-slim base | non-root user | HF port 7860 | 2 workers | |
| FROM python:3.11-slim | |
| # gcc required for tree-sitter grammar compilation | |
| # g++ required for some cryptographic packages | |
| RUN apt-get update && apt-get install -y \ | |
| gcc \ | |
| g++ \ | |
| && rm -rf /var/lib/apt/lists/* | |
| WORKDIR /app | |
| # Install Python dependencies first (layer cache) | |
| COPY requirements.txt . | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| # Copy project | |
| COPY . . | |
| # Create upload directories used by tasks | |
| RUN mkdir -p /tmp/sandbox /tmp/uploads | |
| # Non-root user β security best practice | |
| RUN useradd -m appuser && chown -R appuser:appuser /app | |
| USER appuser | |
| # HuggingFace Spaces requires port 7860 | |
| EXPOSE 7860 | |
| # --workers 2: Redis sessions are stateless β safe to scale horizontally | |
| CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "7860", "--workers", "2"] | |