FROM python:3.9

# Create a non-root user for better security
RUN useradd -m -u 1000 user
USER user

# Add the user's local bin to the PATH. This is where pip installs executables.
ENV PATH="/home/user/.local/bin:$PATH"

# Set the working directory inside the container
WORKDIR /app

# Copy only the requirements.txt first to leverage Docker layer caching
COPY --chown=user ./requirements.txt requirements.txt
# Install the dependencies specified in requirements.txt
RUN pip install --no-cache-dir --upgrade -r requirements.txt

# Copy the rest of your application code into the container
COPY --chown=user . /app

# The CMD instruction tells Docker how to run your application.
# This command starts the Gunicorn server, binding it to port 7860 on all network interfaces,
# and points it to the 'app' object inside your 'app.py' file.
CMD ["gunicorn", "-b", "0.0.0.0:7860", "app:app"]