FROM python:3.10.9

# Create the /app directory as root
RUN mkdir /app

# Create a non-root user
RUN adduser --disabled-password --gecos '' appuser
ENV PATH="/home/appuser/.local/bin:${PATH}"

# Set the ownership of the /app directory to the non-root user
RUN chown appuser:appuser /app

# Switch to the non-root user
USER appuser

WORKDIR /app

# Copy the current directory contents into the container at /app
COPY . /app

# Install requirements.txt
RUN pip install --no-cache-dir --upgrade -r /app/requirements.txt

# Set the HF_HOME environment variable
ENV HF_HOME=/app/cache

# Create the cache directory
RUN mkdir /app/cache

# Start the FastAPI app on port 7860, the default port expected by Spaces
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"]