Dockerfile

# Use an official Python runtime as a parent image
FROM python:3.9

# Set environment variables that don't depend on the user
ENV PYTHONUNBUFFERED 1
ENV PIP_NO_CACHE_DIR=1 

# Install system dependencies required by OpenCV and other libraries
# These commands need to run as root
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    libgl1-mesa-glx \
    libgl1 \
    libglx-mesa0 \
    libopengl0 \
    libglib2.0-0 \
    libsm6 \
    libxext6 \
    libxrender-dev \
    # ffmpeg is useful for video processing if cv2 needs it for certain codecs.
    # Add it if you encounter video format issues.
    # ffmpeg \ 
    && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Now, create and switch to the non-root user
RUN useradd -m -u 1000 user
USER user

# Set PATH for the non-root user
# Comments for ENV should be on a separate line above
ENV PATH="/home/user/.local/bin:${PATH}"

# Set the working directory in the container (as the non-root user)
WORKDIR /app

# Copy the requirements file into the container at /app
# Ensure the user owns this file after copying
COPY --chown=user:user ./requirements.txt requirements.txt

# Install any needed packages specified in requirements.txt
# This will run as the non-root user, installing packages into the user's site-packages
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir -r requirements.txt

# Copy the rest of the application code into the container at /app
# Ensure the user owns these files
COPY --chown=user:user . /app

# Expose port (Hugging Face Spaces typically use 7860 for web apps)
EXPOSE 7860

# Command to run the application using uvicorn
# It will listen on all available network interfaces (0.0.0.0)
CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]