FROM docker.io/library/python:3.10-slim@sha256:80619a5316afae7045a3c13371b0ee670f39bac46ea1ed35081d2bf91d6c3dbd

# Create a group and user
RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser

# Set the working directory
WORKDIR /app

# Copy the application files
COPY . .

# Create a new cache directory outside of /app
RUN mkdir -p /cache/huggingface && chown -R appuser:appgroup /cache/huggingface

# Set environment variable to point to the new cache directory
ENV HF_HOME=/cache/huggingface

# Set the ownership of the entire /app directory and cache directory
RUN chown -R appuser:appgroup /app /cache/huggingface

# Switch to the non-root user
USER root

# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt

USER appuser

# Expose the port that the application listens on
EXPOSE 8000

# Run the application
ENTRYPOINT ["gunicorn", "app:app"]
CMD ["-b", "0.0.0.0:7860"]