FROM python:3.10-slim

# 设置全局环境变量
ENV PYTHONUNBUFFERED=1 \
    PATH="/home/appuser/.local/bin:${PATH}"

# 安装系统依赖
RUN apt-get update && \
    apt-get install -y --no-install-recommends gcc python3-dev && \
    rm -rf /var/lib/apt/lists/*

# 创建应用用户
RUN useradd -m appuser && \
    mkdir -p /model-cache && \
    chown -R appuser:appuser /model-cache

# 切换用户
USER appuser
WORKDIR /app

# 安装Python依赖（单条RUN指令）
COPY requirements.txt .
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir gunicorn==21.2.0 && \
    pip install --no-cache-dir -r requirements.txt

# 复制应用代码
COPY app.py .

EXPOSE 7860
CMD ["gunicorn", "--bind", "0.0.0.0:7860", "app:app"]