Пример сборки nonroot контейнера для запуска Python проектов в Docker.

FROM python:3.12-slim

EXPOSE 8080
ARG USERNAME=nonroot
ARG UID=1005
ARG GID=1005
RUN groupadd -g "${GID}" ${USERNAME} \
  && useradd --create-home --no-log-init -u "${UID}" -g "${GID}" ${USERNAME}

USER ${USERNAME}
WORKDIR /home/${USERNAME}

# very important line
ENV PATH="$PATH:/home/${USERNAME}/.local/bin"
ENV PYTHONUNBUFFERED=1
COPY requirements.txt ./
RUN pip3 install --disable-pip-version-check --no-cache-dir -r requirements.txt
#RUN pip3 install --disable-pip-version-check --no-cache-dir django

COPY --chown=${USERNAME}:${USERNAME} app./
COPY --chown=${USERNAME}:${USERNAME}  manage.py ./

ENTRYPOINT ["gunicorn", "--bind", ":8080", "app.wsgi"]