FROM library/python:latest

WORKDIR /app

COPY requirements.txt /app
RUN --mount=type=cache,target=/root/.cache/pip \
    pip3 install -r requirements.txt

COPY internal_app.py /app

RUN adduser --disabled-password --gecos '' appuser

USER appuser

EXPOSE 80

ENTRYPOINT gunicorn --bind 0.0.0.0:80 internal_app:app
