FROM python:3.13.5-slim

WORKDIR /app

RUN apt-get update && apt-get install -y \
    build-essential \
    curl \
    git \
    && rm -rf /var/lib/apt/lists/*

# 创建非root用户并切换到该用户
RUN adduser --disabled-password --gecos '' myuser

COPY requirements.txt ./
COPY src/ ./src/

# 更改文件所有权
RUN chown -R myuser:myuser /app

# 安装依赖
RUN pip3 install -r requirements.txt

# 切换到非root用户
USER myuser

# 设置环境变量防止权限错误
ENV STREAMLIT_GATHER_USAGE_STATS=false
ENV STREAMLIT_SERVER_ENABLE_FILE_WATCHER=false

EXPOSE 8501

HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health

ENTRYPOINT ["streamlit", "run", "src/app.py", "--server.port=8501", "--server.address=0.0.0.0"]