# Use Red Hat Universal Base Image (UBI) 9 with Python 3.11
FROM registry.access.redhat.com/ubi9/python-311:latest

# Switch to root for system installations
USER 0

# Install system dependencies
RUN dnf install -y \
    gcc \
    gcc-c++ \
    git \
    make \
    && dnf clean all \
    && rm -rf /var/cache/dnf

# Create application user (using Red Hat standard practices)
RUN useradd -u 1001 -g 0 -M -d /app user && \
    mkdir -p /app && \
    chown -R 1001:0 /app && \
    chmod -R g=u /app

# Set working directory
WORKDIR /app

# Switch to non-root user
USER 1001

# Copy requirements first to leverage Docker cache
COPY --chown=1001:0 ./requirements.txt requirements.txt
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir --upgrade -r requirements.txt

# Copy application code
COPY --chown=1001:0 . /app
COPY --chown=1001:0 main/ /app/main

# Create directory for models cache
RUN mkdir -p /app/.cache/huggingface && \
    chmod -R g=u /app/.cache

# Environment variables
ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
ENV HOME=/app
ENV HUGGINGFACE_HOME=/app/.cache/huggingface

EXPOSE 7860

# Command to run the application
CMD ["uvicorn", "main.main:app", "--host", "0.0.0.0", "--port", "7860"]