Non-root dockerfile (#61)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **Refactor**
- Streamlined the build process and runtime environment setup in the
Docker configuration.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Author: csikb

Dockerfile

@@ -1,7 +1,6 @@
-FROM python:3.12 as builder
-
-WORKDIR /app
+FROM python:3.12 AS builder
 
+WORKDIR /builder
     # python
 ENV PYTHONUNBUFFERED=1 \
     # prevents python creating .pyc files
@@ -17,7 +16,11 @@ RUN pip wheel --no-cache-dir --no-deps --wheel-dir ./wheels -r requirements.txt
 
 FROM python:3.12-slim AS app
 
-WORKDIR /app
+RUN adduser --system --group --home /home/nonroot nonroot
+ENV PATH="/home/nonroot/.local/bin:${PATH}"
+USER nonroot:nonroot
+
+WORKDIR /home/nonroot/app
 
     # python
 ENV PYTHONUNBUFFERED=1 \
@@ -28,11 +31,10 @@ ENV PYTHONUNBUFFERED=1 \
     PIP_NO_CACHE_DIR=off \
     PIP_DISABLE_PIP_VERSION_CHECK=on
 
-COPY --from=builder /app/wheels ./wheels
-COPY --from=builder /app/requirements.txt ./
+COPY --from=builder /builder/wheels ./wheels
+COPY --from=builder /builder/requirements.txt ./
 
 RUN pip install --no-cache-dir ./wheels/*
-ENV PATH="/home/abc/.local/bin:${PATH}"
 
 COPY ./src ./src
 

docker-compose.yml

@@ -4,7 +4,7 @@ services:
     build:
       context: .
     ports:
-      - "80:80"
+      - "80"
     environment:
       SERVER_BASE_PATH: /assets
     healthcheck:
@@ -14,4 +14,6 @@ services:
       timeout: 5s
       retries: 5
     volumes:
-      - ./assets:/assets
+      - assets:/assets
+volumes:
+  assets: