# Use Python 3.12 slim image as base
FROM python:3.12-slim

# Set up a new user named "user" with user ID 1000
RUN useradd -m -u 1000 user

# Set home to the user's home directory and add local bin to PATH
ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH

# Create necessary directories first
RUN mkdir -p /app/logs /app/.cache /app/models \
    && chmod 777 /app/logs /app/.cache /app/models

# Set working directory to the user's app directory
WORKDIR $HOME/app

# Copy requirements first to leverage Docker cache
COPY --chown=user requirements.txt .

# Install dependencies as the user
USER user
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir -r requirements.txt

# Copy the application code with correct ownership
COPY --chown=user main $HOME/app/main
COPY --chown=user utils $HOME/app/utils

# Set environment variables
ENV PYTHONPATH=$HOME/app/main
ENV PYTHONUNBUFFERED=1
ENV HF_HOME=$HOME/app/.cache

# Expose secret at buildtime if needed
RUN --mount=type=secret,id=HF_TOKEN,mode=0444,required=true \
    export HF_TOKEN=$(cat /run/secrets/HF_TOKEN)

# Expose the port (Hugging Face API runs on 7680)
EXPOSE 7680

# Command to run the application
CMD ["python", "-m", "main.app"]