# 🤖 GPT Local - Optimized Docker Container  
FROM python:3.12-alpine

# Instalar dependencias del sistema necesarias
RUN apk add --no-cache \
    gcc \
    musl-dev \
    libffi-dev \
    openssl-dev \
    curl \
    ca-certificates \
    git \
    && apk upgrade --no-cache

# Metadata
LABEL maintainer="GPT Local Team"
LABEL description="Sistema de chat GPT local con Hugging Face"
LABEL version="1.0"

# Configurar variables de entorno
ENV PYTHONPATH=/app
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
ENV HF_HOME=/app/.cache/huggingface
ENV TRANSFORMERS_CACHE=/app/.cache/huggingface
ENV TORCH_HOME=/app/.cache/torch

# Crear directorio de trabajo
WORKDIR /app

# Crear usuario no privilegiado
RUN addgroup -g 1000 appuser && \
    adduser -D -s /bin/sh -u 1000 -G appuser appuser

# Copiar y instalar dependencias
COPY requirements.txt .
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir -r requirements.txt

# Copiar código de la aplicación
COPY . .

# Crear directorios necesarios con permisos apropiados
RUN mkdir -p models models_cache logs .cache/huggingface .cache/torch && \
    chown -R appuser:appuser /app

# Cambiar a usuario no privilegiado
USER appuser

# Configurar permisos
RUN chmod +x *.py 2>/dev/null || true && \
    chmod +x *.sh 2>/dev/null || true

# Exponer puerto
EXPOSE 7860

# Healthcheck mejorado
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD curl -f http://localhost:7860/health || curl -f http://localhost:7860/ || exit 1

# Comando por defecto
CMD ["python3", "main.py"]