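# Image for a uvicorn-served Python app that runs as an unprivileged user on port 7860.
#
# The tag is pinned to an exact version; for fully reproducible builds also pin
# the digest, e.g. python:3.10.9@sha256:<digest-of-the-image-you-verified>.
FROM python:3.10.9

# Create a non-root user and group with a fixed UID/GID so orchestrators can
# verify the runtime identity numerically.
RUN addgroup --gid 1001 appgroup && \
    adduser --uid 1001 --gid 1001 --disabled-password --gecos "" appuser

# Create the only locations the runtime user may write to (numba/matplotlib
# caches, the TTS model cache, the user site dir and the venv) and hand them
# over in the same layer, so the chown does not duplicate the data in a second layer.
RUN mkdir -p \
        /home/appuser/.cache/tts \
        /home/appuser/.local \
        /opt/venv \
        /tmp/MPLCONFIGDIR \
        /tmp/NUMBA_CACHE_DIR \
    && chown -R appuser:appgroup \
        /home/appuser/.cache/tts \
        /home/appuser/.local \
        /opt/venv \
        /tmp/MPLCONFIGDIR \
        /tmp/NUMBA_CACHE_DIR

# Runtime environment: cache locations, HOME for the non-root user, and the
# venv first on PATH so "uvicorn" and "pip" resolve to /opt/venv/bin.
ENV NUMBA_CACHE_DIR=/tmp/NUMBA_CACHE_DIR/ \
    MPLCONFIGDIR=/tmp/MPLCONFIGDIR/ \
    HOME=/home/appuser \
    PATH="/opt/venv/bin:$PATH"

# Use a dedicated application directory instead of "/": copying the build
# context into the filesystem root would let a context directory named e.g.
# "etc" or "usr" overwrite system files in the image.
# NOTE(review): if the application opens files by absolute path under "/",
# adjust those paths to /app.
WORKDIR /app

# Copy only the dependency manifest first so the (slow) install layer is
# reused until requirements.txt itself changes.
COPY requirements.txt ./

# Drop privileges before touching the network or running package install
# scripts; /opt/venv is already owned by appuser, so no later chown is needed.
USER appuser

# Create the virtual environment and install dependencies as the non-root user.
RUN python -m venv /opt/venv && \
    /opt/venv/bin/pip install --no-cache-dir --upgrade pip && \
    /opt/venv/bin/pip install --no-cache-dir --upgrade -r requirements.txt

# Copy the application source. COPY writes files as root (0:0) regardless of
# USER, so the code stays read-only for appuser at runtime.
# Keep a .dockerignore next to this file (.git, .env, local caches, keys) so
# credentials and history from the build context are not baked into the image.
COPY . .

# Documentation only: the port uvicorn binds to below.
EXPOSE 7860

# Exec form so uvicorn runs as PID 1 and receives SIGTERM from "docker stop".
CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]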