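# Container image for the Python application in app.py, which is expected to
# answer HTTP on port 7860 (see HEALTHCHECK below). Build steps run as root;
# the application itself runs as the unprivileged "appuser" account.
#
# NOTE(review): the base image is referenced by a mutable tag. Pinning it by
# digest (python:3.10-slim@sha256:<digest>) makes rebuilds reproducible and
# turns base-image changes into an explicit, reviewable step.
FROM python:3.10-slim

WORKDIR /app

# System dependencies, including wget for HF Spaces compatibility.
# --no-install-recommends keeps optional packages out of the image, so
# ca-certificates is listed explicitly: curl, wget and git need it to verify
# TLS certificates. If the app uses git over SSH, add openssh-client here.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        git \
        tar \
        wget \
    && rm -rf /var/lib/apt/lists/*

# Unprivileged runtime account with a fixed UID. useradd -m creates
# /home/appuser already owned by appuser, so no separate mkdir/chown is needed.
RUN useradd -m -u 1000 appuser

# Cache directory under the app root (WORKDIR has already created /app).
# Ownership is handed to appuser here, while the tree is still small, instead
# of with a recursive chown after the application files are copied in.
# NOTE(review): this keeps all of /app writable by the runtime user, as before.
# If the app only writes to hf_cache, restrict ownership to that directory so
# the running process cannot modify its own code.
RUN mkdir -p /app/hf_cache && \
    chown -R appuser:appuser /app

# Dependency manifest first, so the pip layer is rebuilt only when
# requirements.txt changes. Packages are installed system-wide as root, which
# leaves them readable but not writable by appuser.
# NOTE(review): requirements.txt is not visible here; pinning exact versions
# (ideally with hashes) keeps this layer reproducible.
COPY --chown=appuser:appuser requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Everything that needs root is done; drop privileges once and stay there.
USER appuser

# Git identity for the runtime user, written to /home/appuser/.gitconfig.
RUN git config --global user.email "appuser@docker.local" && \
    git config --global user.name "Docker App User"

# Application code, owned by appuser at copy time (no follow-up chown layer).
COPY --chown=appuser:appuser app.py .

# Documentation only: the port is published by the runtime, not by EXPOSE.
EXPOSE 7860

# curl -f exits non-zero on HTTP error responses, marking the container
# unhealthy; the long start period leaves time for application start-up.
HEALTHCHECK --interval=30s --timeout=30s --start-period=180s --retries=3 \
    CMD curl -f http://localhost:7860/health || exit 1

# Exec form, so python receives stop signals directly.
CMD ["python", "app.py"]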