Refactor Dockerfile to improve user permissions and cache handling

Dockerfile

@@ -15,26 +15,20 @@ FROM python:${PYTHON_VERSION}-slim as base
 # the application crashes without emitting any logs due to buffering.
 ENV PYTHONUNBUFFERED=1
 
-WORKDIR /app
-
-# Create a non-privileged user that the app will run under.
-# See https://docs.docker.com/go/dockerfile-user-best-practices/
-ARG UID=10001
-RUN adduser \
-    --disabled-password \
-    --gecos "" \
-    --home "/nonexistent" \
-    --shell "/sbin/nologin" \
-    --no-create-home \
-    --uid "${UID}" \
-    appuser
-
-ENV PATH="/home/appuser/.local/bin:$PATH"
+RUN adduser appuser
+
+USER appuser
+
+ENV HOME=/home/appuser \
+    PATH=/home/appuser/.local/bin:$PATH
+
+ENV TRANSFORMERS_CACHE=$HOME/app/.cache/huggingface/hub
+
+WORKDIR $HOME/app
 
 COPY --chown=appuser ./requirements.txt requirements.txt
 RUN mkdir -p /app/.cache \
     && chown -R appuser:appuser /app/.cache
-ENV TRANSFORMERS_CACHE=/app/.cache/huggingface/hub
 
 # Download dependencies as a separate step to take advantage of Docker's caching.
 # Leverage a cache mount to /root/.cache/pip to speed up subsequent builds.
@@ -43,11 +37,8 @@ ENV TRANSFORMERS_CACHE=/app/.cache/huggingface/hub
 RUN python -m pip install --upgrade pip \
     && python -m pip install --no-cache-dir -r requirements.txt
 
-# Switch to the non-privileged user to run the application.
-USER appuser
-
 # Copy the source code into the container.
-COPY --chown=user . /app
+COPY --chown=appuser . $HOME/app
 
 # Expose the port that the application listens on.
 EXPOSE 7860