FROM python:3.10-slim

# Install gcc, g++, cmake and build tools as root before switching user
RUN apt-get update && apt-get install -y \
    build-essential \
    cmake \
    g++ \
    git \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Create non-root user
RUN useradd -m -u 1000 user

# Switch to that user (applies to all following steps)
USER user
ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH

WORKDIR /home/user/app

# Install dependencies as user
COPY --chown=user:root requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy app files
COPY --chown=user:root app.py .

EXPOSE 7860

CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]