FROM python:3.9-slim

# 创建专用用户和缓存目录
RUN useradd -m appuser && \
    mkdir -p /app/model-cache && \
    chown -R appuser:appuser /app

# 设置环境变量
ENV TRANSFORMERS_CACHE=/app/model-cache \
    HF_HOME=/app/model-cache

# 切换到非root用户
USER appuser
WORKDIR /app

# 先安装系统依赖
RUN apt-get update && apt-get install -y --no-install-recommends \
    gcc \
    python3-dev \
    && rm -rf /var/lib/apt/lists/*

# 安装Python依赖
COPY requirements.txt .
RUN pip install --user --no-cache-dir -r requirements.txt

# 复制应用代码
COPY app.py .

# 设置PATH
ENV PATH="/home/appuser/.local/bin:${PATH}"

EXPOSE 5000
CMD ["python", "app.py"]