| # Use an official Python runtime as a parent image | |
| FROM python:3.9-slim | |
| # Set the working directory in the container | |
| WORKDIR /app | |
| # Copy the dependencies file to the working directory | |
| COPY requirements.txt . | |
| # Install any needed packages specified in requirements.txt | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| # Copy the content of the local src directory to the working directory | |
| COPY main.py . | |
| # Create the directory for uploads | |
| # This command runs as root, so it has permission | |
| RUN mkdir uploads | |
| # --- FIX: Use Debian-compatible commands to create a non-root user --- | |
| # Create a system group and user for security best practices | |
| RUN addgroup --system appgroup && adduser --system --ingroup appgroup --no-create-home appuser | |
| # Change the ownership of the app directory to the new user | |
| RUN chown -R appuser:appgroup /app | |
| # Switch to the non-root user | |
| USER appuser | |
| # Make port 8000 available to the world outside this container | |
| EXPOSE 8000 | |
| # Run the app. | |
| CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"] |