| # Use an official Python runtime as a parent image | |
| FROM python:3.10-slim | |
| # Set environment variables | |
| ENV PYTHONDONTWRITEBYTECODE 1 | |
| ENV PYTHONUNBUFFERED 1 | |
| # Set the DuckDB path inside the container | |
| ENV DUCKDB_PATH /app/data/mydatabase.db | |
| # Create a non-root user and group | |
| RUN adduser --disabled-password --gecos "" appuser | |
| # Set the working directory in the container | |
| WORKDIR /app | |
| # Copy the requirements file into the container at /app | |
| COPY requirements.txt /app/ | |
| # Install any needed packages specified in requirements.txt | |
| # Use --no-cache-dir to reduce image size | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| # Copy the current directory contents into the container at /app | |
| COPY . /app/ | |
| # Create the data directory and set permissions | |
| # Run these steps as root before switching user | |
| RUN mkdir -p /app/data && chown -R appuser:appuser /app | |
| # Switch to the non-root user | |
| USER appuser | |
| # Make port 7860 available to the world outside this container (Hugging Face default) | |
| EXPOSE 7860 | |
| # Run main.py when the container launches using Uvicorn | |
| # Use 0.0.0.0 to make it accessible externally | |
| CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"] |