FROM docker.io/library/python:3.10-slim@sha256:80619a5316afae7045a3c13371b0ee670f39bac46ea1ed35081d2bf91d6c3dbd

# Create a group and user
RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser

# Set the working directory
WORKDIR /app

# Copy the application files
COPY . .

# Create the .cache directory inside /app and set permissions
RUN mkdir -p /app/.cache/huggingface && chown -R appuser:appgroup /app/.cache

# Set environment variable to point to the cache directory
ENV HF_HOME=/app/.cache/huggingface

USER root

# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt

# Set the ownership of the entire /app directory
RUN chown -R appuser:appgroup /app

# Switch to the non-root user
USER appuser

# Expose the port that the application listens on
EXPOSE 8000

# Run the application
ENTRYPOINT ["gunicorn", "app:app"]
CMD ["-b", "0.0.0.0:7860"]