Execute docker as non-root

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.8.12-slim-bullseye
+FROM python:3.8.12-slim-bullseye as builder
 
 ARG with_models=false
 ARG models=
@@ -13,24 +13,35 @@ RUN apt-get update -qq \
 
 RUN apt-get update && apt-get upgrade --assume-yes
 
-RUN pip install --upgrade pip
+RUN python -mvenv venv && ./venv/bin/pip install --upgrade pip
 
 COPY . .
 
 
 RUN if [ "$with_models" = "true" ]; then  \
   # install only the dependencies first
-  pip install -e .;  \
+  ./venv/bin/pip install -e .;  \
   # initialize the language models
   if [ ! -z "$models" ]; then \
-  ./install_models.py --load_only_lang_codes "$models";   \
+  ./venv/bin/python install_models.py --load_only_lang_codes "$models";   \
   else \
-  ./install_models.py;  \
+  ./venv/bin/python install_models.py;  \
   fi \
   fi
 # Install package from source code
-RUN pip install . \
+RUN ./venv/bin/pip install . \
-  && pip cache purge
+  && ./venv/bin/pip cache purge
+
+
+
+FROM python:3.8.12-slim-bullseye
+
+RUN addgroup --system --gid 1032 libretranslate && adduser --system --uid 1032 libretranslate
+RUN apt-get update -qq && apt-get -qqq install --no-install-recommends -y libicu67 && apt-get clean && rm -rf /var/lib/apt
+USER libretranslate
+
+COPY --from=builder --chown=libretranslate:libretranslate /app /app
+WORKDIR /app
 
 EXPOSE 5000
-ENTRYPOINT [ "libretranslate", "--host", "0.0.0.0" ]
+ENTRYPOINT [ "./venv/bin/libretranslate", "--host", "0.0.0.0" ]