###############################
# Base Stage
###############################
FROM python:3.13-slim AS base

ENV PYTHONDONTWRITEBYTECODE=1 \
	PYTHONUNBUFFERED=1 \
	PIP_NO_CACHE_DIR=1 \
	PIP_DISABLE_PIP_VERSION_CHECK=1 \
	PIP_ROOT_USER_ACTION=ignore

WORKDIR /app

# System deps (可按需精简)
RUN apt-get update && apt-get install -y --no-install-recommends \
	curl ca-certificates tini && \
	rm -rf /var/lib/apt/lists/*

###############################
# Dependencies Stage
###############################
FROM base AS deps
COPY requirements.txt ./
RUN pip install --upgrade pip && pip install -r requirements.txt

###############################
# Runtime Stage
###############################
FROM base AS runtime

# 创建非root用户
RUN useradd -m -u 1000 appuser

# 复制已安装依赖
COPY --from=deps /usr/local/lib/python3.13 /usr/local/lib/python3.13
COPY --from=deps /usr/local/bin /usr/local/bin

# 复制项目代码
COPY . .

# 环境变量（HF Spaces 会自动传递 PORT）
ENV HOST=0.0.0.0 \
	PORT=7860 \
	LOG_LEVEL=INFO

# Expose for local run (HF 会忽略但仍可保留)
EXPOSE 7860

# 切换用户
USER appuser

# 健康检查脚本 (使用 shell 单行 Python 方式，兼容性更好)
HEALTHCHECK --interval=30s --timeout=5s --start-period=40s --retries=3 \
  CMD python -c "import os,urllib.request,sys;port=os.environ.get('PORT','7860');\nimport urllib.error;\nurl=f'http://127.0.0.1:{port}/keepalive';\nreq=urllib.request.Request(url,method='HEAD');\n\ntry:\n resp=urllib.request.urlopen(req,timeout=5);\n sys.exit(0 if resp.getcode()==200 else 1)\nexcept Exception: sys.exit(1)" || exit 1

# 入口使用 tini 处理信号，优雅退出
ENTRYPOINT ["/usr/bin/tini","--"]

# 默认启动命令：优先使用 app.py（支持 HF Spaces Gradio/Docker 双模式）
CMD ["python","app.py"]