FROM python:3.10-slim

# 设置环境变量
ENV TRANSFORMERS_CACHE=/model-cache \
    PYTHONUNBUFFERED=1 \
    PATH="/home/appuser/.local/bin:${PATH}"

# 安装系统依赖
RUN apt-get update && \
    apt-get install -y --no-install-recommends gcc python3-dev && \
    rm -rf /var/lib/apt/lists/*

# 创建用户和缓存目录
RUN adduser --disabled-password --gecos "" appuser && \
    mkdir -p /model-cache && \
    chown -R appuser:appuser /model-cache

# 切换用户
USER appuser
WORKDIR /app

# 安装Python依赖
COPY requirements.txt .
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir -r requirements.txt

# 复制应用代码
COPY app.py .

EXPOSE 8080
CMD ["gunicorn", "--bind", "0.0.0.0:8080", "--timeout", "120", "app:app"]