| # Use an official Python runtime as a parent image | |
| FROM python:3.10.9 | |
| # Set the working directory in the container | |
| WORKDIR /app | |
| COPY requirements.txt /app | |
| # Install any needed packages specified in requirements.txt | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| # Create a non-root user | |
| RUN useradd -m appuser | |
| # Create necessary directories and set permissions | |
| RUN mkdir -p /app/data /app/indexes && \ | |
| chown -R appuser:appuser /app && \ | |
| chmod -R 755 /app && \ | |
| mkdir -p /tmp/app-work && \ | |
| chown -R appuser:appuser /tmp/app-work && \ | |
| chmod -R 777 /tmp/app-work | |
| # Switch to the non-root user | |
| USER appuser | |
| # Copy the current directory contents into the container at /app | |
| COPY . /app | |
| # Start the FastAPI app on port 7860, the default port expected by Spaces | |
| CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"] |