# Use a lightweight Python image
FROM python:3.9

# Create a non-root user
RUN useradd -m -u 1000 user
USER user
ENV PATH="/home/user/.local/bin:$PATH"

# Set working directory
WORKDIR /app

# Copy requirements and install as non-root
COPY --chown=user ./requirements.txt requirements.txt
RUN pip install --no-cache-dir --upgrade pip
RUN pip install --no-cache-dir -r requirements.txt

# Copy app source code
COPY --chown=user . /app

# Expose port (match the Flask port or environment variable)
EXPOSE 5000

# Run Flask app using gunicorn for production (safer than Flask dev server)
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "app:app", "--workers", "2"]