FROM python:3.12-slim

# 设置工作目录
WORKDIR /app

# 安装系统依赖
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    ffmpeg \
    && rm -rf /var/lib/apt/lists/*

# 复制依赖文件
COPY requirements.txt .

# 安装Python依赖
RUN pip install --no-cache-dir -r requirements.txt

# 创建非特权用户
RUN useradd -m -s /bin/bash app

# 复制应用代码
COPY . .

# 设置权限
RUN chown -R app:app /app

# 切换到非特权用户
USER app

# 设置环境变量
ENV PYTHONUNBUFFERED=1

# 暴露端口
EXPOSE 7860

# 启动命令
CMD ["/bin/bash", "start.sh"]