Dockerfile

FROM python:3.11-slim

# Set environment variables
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PYTHONFAULTHANDLER=1 \
    HOME_DIR=/home/user \
    APP_DIR=/home/user/app \
    PATH="/root/.local/bin:$PATH" \
    PYTHONPATH="/home/user/app:$PYTHONPATH"

# Add non-root user
RUN useradd -m -u 1000 user

# Install system dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Install uv (as root, it will go to /root/.local/bin)
RUN curl -LsSf https://astral.sh/uv/install.sh | sh

# Set working directory
WORKDIR ${APP_DIR}

# Copy all project files. Crucially, these are now owned by root by default
# as we haven't switched user yet. This ensures setuptools (run by root's uv)
# can read them and write build artifacts in this directory.
COPY . ${APP_DIR}

# Install dependencies using uv (run as root, installing system-wide)
# This will also build and install the local insightflow-ai package
RUN uv pip install --system --no-cache .

# Now that installation is done, change ownership of the app directory to the non-root user
RUN chown -R user:user ${APP_DIR}

# Switch to non-root user for subsequent operations and runtime
USER user

# Create necessary runtime directories (as non-root user)
RUN mkdir -p ${APP_DIR}/exports ${APP_DIR}/data_sources

# Run data download script to initialize data sources (as non-root user)
RUN python ${APP_DIR}/download_data.py

# Expose the port the app runs on
EXPOSE 7860

# Run the app
CMD ["chainlit", "run", "app.py", "--host", "0.0.0.0", "--port", "7860"]