FROM python:3.10-slim

# Set environment variables
ENV PYTHONUNBUFFERED=1
# Prevents interactive prompts during apt-get install
ENV DEBIAN_FRONTEND=noninteractive

# Install ALL system dependencies, including fonts, in a single RUN to ensure PATH consistency
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ffmpeg \
        libsm6 \
        libxext6 \
        fontconfig \
        debconf-utils && \ # debconf-utils installed here
    # For Microsoft Core Fonts EULA pre-acceptance, use full path for robustness
    echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" | /usr/bin/debconf-set-sections && \
    # Install Microsoft Core Fonts
    apt-get install -y --no-install-recommends ttf-mscorefonts-installer && \
    # Update font cache
    fc-cache -f -v && \
    # Clean up
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Create a non-root user and group for security and permission handling
ARG APP_USER_UID=1000
ARG APP_USER_GID=1000
RUN groupadd --gid $APP_USER_GID appgroup && \
    useradd --uid $APP_USER_UID --gid appgroup --shell /bin/bash --create-home appuser

# Set the working directory (this will also be appuser's home directory)
WORKDIR /home/appuser/app

# Copy requirements.txt first to leverage Docker build cache
COPY --chown=appuser:appgroup requirements.txt ./

# Upgrade pip and install Python dependencies as the appuser
USER appuser
RUN python -m pip install --no-cache-dir --upgrade pip
RUN python -m pip install --no-cache-dir -r requirements.txt

# Copy the rest of the application code as the appuser
# This ensures correct ownership from the start
COPY --chown=appuser:appgroup . .

# Expose Streamlit's default port
EXPOSE 8501

# Command to run Streamlit
CMD ["streamlit", "run", "app.py", "--server.headless=true", "--server.port=8501", "--server.fileWatcherType=none"]