# Dockerfile for Streamlit app in src/ folder with Transformers cache fix

# 1. Base image
FROM python:3.9-slim

# 2. Install curl for HEALTHCHECK
RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*

# 3. Create non-root user for security
RUN useradd -m -u 1000 appuser

# 4. Set working directory
WORKDIR /app

# 5. Set HOME to /app to avoid writing to root
ENV HOME=/app

# 6. Environment variables for writable cache/config dirs and PATH
ENV STREAMLIT_CONFIG_DIR=/app/.streamlit \
    HF_HOME=/app/.cache/huggingface \
    XDG_CACHE_HOME=/app/.cache \
    STREAMLIT_HOME=/app/.cache/streamlit \
    PATH=/app/.local/bin:$PATH

# 7. Create cache directories with correct permissions
RUN mkdir -p /app/.streamlit \
    && mkdir -p /app/.cache/huggingface/hub \
    && mkdir -p /app/.cache/streamlit \
    && chmod -R 755 /app/.cache /app/.streamlit \
    && chown -R appuser:appuser /app

# 8. Upgrade pip
RUN pip install --upgrade pip

# 9. Copy requirements as root to ensure permissions
COPY requirements.txt .

# 10. Install dependencies as appuser
USER appuser
RUN pip install --no-cache-dir -r requirements.txt

# 11. Copy source code as appuser
COPY --chown=appuser:appuser src/ ./src

# 12. Move .streamlit/config.toml to the correct location with proper permissions
RUN if [ -f /app/src/.streamlit/config.toml ]; then \
        mv /app/src/.streamlit/config.toml /app/.streamlit/config.toml && \
        chmod 644 /app/.streamlit/config.toml; \
    fi

# 13. Expose Streamlit default port
EXPOSE 8501

# 14. Healthcheck to verify app is running
HEALTHCHECK --interval=30s --timeout=3s \
    CMD curl -f http://localhost:8501/healthz || exit 1

# 15. Launch Streamlit pointing to src/app.py
CMD ["/app/.local/bin/streamlit", "run", "src/app.py", \
     "--server.port=8501", \
     "--server.address=0.0.0.0"]