fixes

Dockerfile

@@ -1,14 +1,14 @@
 # Use an official Python runtime as a parent image
 FROM python:3.10-slim
 
-# Set the working directory in the container
-WORKDIR /code
+# Create a non-root user and group to run the application
+RUN groupadd -r appuser && useradd -r -g appuser -m appuser
 
-# Set environment variables for caching
-ENV PYTHONPATH="/code"
-ENV HF_HOME="/code/.cache"
+# Set environment variables for caching in a writable directory and for Python's module path
+ENV HF_HOME="/home/appuser/.cache"
+ENV PYTHONPATH="/app"
 
-# Install system dependencies
+# Install system dependencies as root
 RUN apt-get update && apt-get install -y --no-install-recommends \
     build-essential \
     ffmpeg \
@@ -16,16 +16,22 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     libxext6 \
     && rm -rf /var/lib/apt/lists/*
 
-# Copy and install Python dependencies
-COPY ./requirements.txt /code/requirements.txt
+# Set the working directory
+WORKDIR /app
+
+# Copy and install Python dependencies as root
+COPY ./requirements.txt /app/requirements.txt
 RUN pip install --no-cache-dir --upgrade pip
 RUN pip install --no-cache-dir -r requirements.txt gunicorn gevent
 
-# Copy the application code
-COPY . /code/
+# Copy the application code and set ownership to the non-root user
+COPY --chown=appuser:appuser . /app/
+
+# Switch to the non-root user
+USER appuser
 
-# Expose the port
+# Expose the port the app runs on
 EXPOSE 7860
 
-# Run the application
+# Command to run the application using Gunicorn
 CMD ["gunicorn", "--bind", "0.0.0.0:7860", "--workers", "4", "--worker-class", "gevent", "--timeout", "600", "app:app"]