Fix ownership Dockerfile

Dockerfile

@@ -1,30 +1,51 @@
-# Use Python 3.12.1 slim image as base
+# Use a minimal Python image
 FROM python:3.12.1-slim
 
-# Install dependencies required for UV and Python packages
+# Install system dependencies required for UV and Git
 RUN apt-get update && apt-get install -y --no-install-recommends \
     curl ca-certificates git && \
     rm -rf /var/lib/apt/lists/*
 
 # Install UV (fast Python dependency manager)
-RUN curl -LsSf https://astral.sh/uv/install.sh | sh
+RUN curl -LsSf https://astral.sh/uv/install.sh | sh && \
+    mv /root/.local/bin/uv /usr/local/bin/uv && chmod +x /usr/local/bin/uv
 
-# Ensure UV is available in PATH
-ENV PATH="/root/.local/bin:$PATH"
+# Verify UV installation
+RUN uv --version
+
+# Create a non-root user for security
+RUN useradd -m -u 1000 uvuser
+
+# Set environment variables properly
+ENV HOME=/home/uvuser \
+    PATH="/usr/local/bin:$PATH" \
+    XDG_CACHE_HOME=/home/uvuser/.cache \
+    UV_VENV_PATH="/home/uvuser/.venv"
 
 # Set working directory
-WORKDIR /app
+WORKDIR /home/uvuser/app
+
+# Ensure necessary directories exist and are writable
+RUN mkdir -p /app/uploaded_files /home/uvuser/.cache && chown -R uvuser:uvuser /app /home/uvuser
+
+# Copy pyproject.toml and uv.lock to the working directory
+COPY pyproject.toml uv.lock ./
+
+# Create the virtual environment and install dependencies as root
+RUN uv venv && uv sync $(test -f uv.lock && echo "--frozen" || echo "")
+
+# Fix ownership of cache and installed dependencies
+RUN chown -R uvuser:uvuser /home/uvuser/.cache /home/uvuser/.venv /home/uvuser/app || true
 
-# Copy pyproject and install dependencies using UV
-COPY pyproject.toml .
-RUN uv venv && uv sync
+# Switch to non-root user before running the app
+USER uvuser
 
-# Copy application code
-COPY app.py .
+# Copy the rest of the application code
+COPY --chown=uvuser:uvuser . ./
 
 # Expose Gradio app port
 EXPOSE 7860
 ENV GRADIO_SERVER_NAME="0.0.0.0"
 
-# Entrypoint to run the Gradio app
-ENTRYPOINT ["uv", "run", "python", "app.py"]
+# Run the application
+CMD ["uv", "run", "python", "app.py"]

uv.lock

@@ -1150,7 +1150,7 @@ wheels = [
 
 [[package]]
 name = "openai"
-version = "1.65.2"
+version = "1.65.3"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "anyio" },
@@ -1162,9 +1162,9 @@ dependencies = [
     { name = "tqdm" },
     { name = "typing-extensions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/f6/03/0bbf201a7e44920d892db0445874c8111be4255cb9495379df18d6d36ea1/openai-1.65.2.tar.gz", hash = "sha256:729623efc3fd91c956f35dd387fa5c718edd528c4bed9f00b40ef290200fb2ce", size = 359185 }
+sdist = { url = "https://files.pythonhosted.org/packages/32/4f/b34b6fad12e1f6b3f42922214c161d5ef74a50fa97d9ae7d680db0958ff4/openai-1.65.3.tar.gz", hash = "sha256:9b7cd8f79140d03d77f4ed8aeec6009be5dcd79bbc02f03b0e8cd83356004f71", size = 358821 }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/2c/3b/722ed868cb56f70264190ed479b38b3e46d14daa267d559a3fe3bd9061cf/openai-1.65.2-py3-none-any.whl", hash = "sha256:27d9fe8de876e31394c2553c4e6226378b6ed85e480f586ccfe25b7193fb1750", size = 473206 },
+    { url = "https://files.pythonhosted.org/packages/86/d5/b8378be0f4cf192992aa3080eb9ddcdca3109b399be61984424aaa79f847/openai-1.65.3-py3-none-any.whl", hash = "sha256:a155fa5d60eccda516384d3d60d923e083909cc126f383fe4a350f79185c232a", size = 472758 },
 ]
 
 [[package]]
@@ -2042,7 +2042,7 @@ wheels = [
 [[package]]
 name = "yourbench"
 version = "0.2.0"
-source = { git = "https://github.com/huggingface/yourbench.git?rev=v0.2-alpha-summarization#405b90ee6ce4fa97c685da3d1124208a1cca6eeb" }
+source = { git = "https://github.com/huggingface/yourbench.git?rev=v0.2-alpha-summarization#11d9df14106262cd5f768808307d9ca48c532e02" }
 dependencies = [
     { name = "asyncio" },
     { name = "datasets" },