asdf

Dockerfile

@@ -4,12 +4,25 @@ FROM python:3.12
 # Set working directory
 WORKDIR /code
 
+# Create a non-root user and set permissions
+RUN useradd -m -u 1000 user && \
+    mkdir -p /home/user/.cache/huggingface && \
+    chown -R user:user /home/user/.cache /code
+
+# Set environment variables
+ENV HOME=/home/user \
+    HF_HOME=/home/user/.cache/huggingface \
+    PATH=/home/user/.local/bin:$PATH
+
+# Switch to the new user
+USER user
+
 # Copy requirements and install dependencies
-COPY ./requirements.txt /code/requirements.txt
+COPY --chown=user:user ./requirements.txt /code/requirements.txt
 RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt
 
 # Copy application files
-COPY . /code/app
+COPY --chown=user:user . /code/app
 
 # Hugging Face Spaces does NOT support --mount=type=secret.
 # Instead, access HF_TOKEN via environment variables at runtime.