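# Dockerfile — SecureCodeEnv V2
# python:3.11-slim base | non-root user | HF port 7860 | 2 workers
#
# NOTE(review): the base image is pinned by tag only, so rebuilds can pick up a
# different image. Pin by digest (python:3.11-slim@sha256:<digest>) for
# reproducible builds.
FROM python:3.11-slim

# gcc required for tree-sitter grammar compilation
# g++ required for some cryptographic packages
# libc6-dev is listed explicitly because --no-install-recommends drops gcc's
# recommended packages, and C builds need the libc headers.
# NOTE(review): the compilers stay in the runtime image. If they are only
# needed while pip builds wheels, a separate build stage would keep them out of
# the final image — confirm whether grammars are compiled at runtime.
RUN apt-get update && apt-get install -y --no-install-recommends \
        g++ \
        gcc \
        libc6-dev \
    && rm -rf /var/lib/apt/lists/*

# Create the runtime account and every directory it must write to while the
# build is still root. Previously /tmp/sandbox and /tmp/uploads were created by
# root and never chowned, so the non-root process could not write into them.
# NOTE(review): /app remains owned by appuser (as before), so the service can
# modify its own code. If tasks run untrusted code under this account, consider
# leaving /app root-owned — confirm what the app writes there.
RUN useradd -m appuser \
    && mkdir -p /app /tmp/sandbox /tmp/uploads \
    && chown appuser:appuser /app /tmp/sandbox /tmp/uploads

WORKDIR /app

# Install Python dependencies first (layer cache)
COPY --chown=appuser:appuser requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy project. --chown sets ownership at copy time instead of a later
# `chown -R`, which would duplicate every file into a second layer.
# NOTE(review): this ships the whole build context; confirm a .dockerignore
# excludes .git, .env and any other local credentials.
COPY --chown=appuser:appuser . .

# Non-root user — security best practice
USER appuser

# HuggingFace Spaces requires port 7860
EXPOSE 7860

# --workers 2: Redis sessions are stateless → safe to scale horizontally
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "7860", "--workers", "2"]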