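# Image for a uvicorn app (app:app on port 7860) that ships a C/C++ toolchain
# and a JDK; the /tmp/code_workspace step below suggests the app compiles and
# runs submitted code inside this container.
#
# NOTE(review): python:3.11-slim is a floating tag. The openjdk-17 package
# names and the JAVA_HOME path below depend on the Debian release underneath,
# so pin the distro variant and a digest for reproducible builds, e.g.
#   FROM python:3.11-slim@sha256:<digest-placeholder>
FROM python:3.11-slim

# Install essential packages with no-install-recommends to minimize size.
# NOTE(review): compilers, git, wget and curl all remain in the runtime image.
# curl is used by HEALTHCHECK; drop anything the app does not need at runtime,
# since every tool here is also available to code executed in the container.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        # Basic system tools
        gcc \
        g++ \
        make \
        git \
        wget \
        curl \
        procps \
        # Java runtime - using OpenJDK 17 headless
        openjdk-17-jre-headless \
        openjdk-17-jdk-headless \
    && rm -rf /var/lib/apt/lists/* \
    && apt-get clean

# Set JAVA_HOME.
# NOTE(review): the path is hard-coded for amd64; on another architecture the
# Debian package installs under a different directory name and JAVA_HOME/bin
# would not exist. Kept as two ENV instructions so $JAVA_HOME is already
# defined when PATH is expanded.
ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
ENV PATH="$JAVA_HOME/bin:$PATH"

# Create app directory first
WORKDIR /app

# Create non-root user (fixed UID 1000) and give it ownership of /app.
# NOTE(review): /etc/security/limits.conf is read by pam_limits at login. The
# ENTRYPOINT below does not go through a PAM session, so these entries are
# not expected to constrain the container's processes. Enforce limits from
# the runtime instead (docker run --ulimit / --pids-limit / --memory, or the
# orchestrator's equivalents).
RUN useradd -m -u 1000 user && \
    chown -R user:user /app && \
    printf '%s\n' \
        'user soft nofile 65536' \
        'user hard nofile 65536' \
        'user soft nproc 32768' \
        'user hard nproc 32768' \
        'user soft memlock unlimited' \
        'user hard memlock unlimited' \
        'user soft stack 8192' \
        'user hard stack 8192' \
        >> /etc/security/limits.conf

# Create a startup script that applies ulimits and then execs the command.
# Written with printf rather than echo '\n' so the result does not depend on
# how /bin/sh's echo treats backslash escapes. The script is created while
# still root, so the unprivileged user cannot modify it.
# NOTE(review): the script runs as the non-root user, which cannot raise a
# limit above the hard limit set by the container runtime; a failing ulimit
# call only prints an error because the script has no `set -e`. These values
# are also generous for a container that runs submitted code, so rely on
# runtime-enforced caps rather than this script.
RUN printf '%s\n' \
        '#!/bin/bash' \
        'ulimit -n 65536' \
        'ulimit -u 32768' \
        'ulimit -m unlimited' \
        'ulimit -s 8192' \
        'ulimit -v unlimited' \
        'exec "$@"' \
        > /entrypoint.sh && \
    chmod +x /entrypoint.sh

# Verify installations (fails the build early if a tool is missing)
RUN python3 --version && \
    gcc --version && \
    g++ --version && \
    java -version && \
    javac -version

# Switch to non-root user; pip installs below land in ~/.local
USER user
ENV PATH="/home/user/.local/bin:$PATH"

# Copy requirements first (better layer caching)
COPY --chown=user:user ./requirements.txt requirements.txt

# Install Python dependencies.
# NOTE(review): pip itself is upgraded to whatever is current at build time,
# and --upgrade offers no pinning. Pin exact versions in requirements.txt
# (ideally with hashes and pip's --require-hashes) so rebuilds are repeatable.
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir --upgrade -r requirements.txt

# Copy application code.
# NOTE(review): this copies the whole build context; keep a .dockerignore that
# excludes .git, .env files and other local secrets. The code is owned by
# `user`, the account the server runs as. If submitted code also runs under
# this account (not visible here; confirm), it can rewrite the application,
# so consider root-owned read-only code and a separate UID for execution.
COPY --chown=user:user . /app

# Create temporary directory for code execution (owned by `user`, mode 755)
RUN mkdir -p /tmp/code_workspace && chmod 755 /tmp/code_workspace

# Expose port (documentation only; publishing happens at run time)
EXPOSE 7860

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:7860/health || exit 1

# Start command: /entrypoint.sh applies the ulimits above, then execs uvicorn
# so it receives signals directly. No memory settings are passed to uvicorn;
# memory must be capped by the container runtime.
ENTRYPOINT ["/entrypoint.sh"]
CMD ["python", "-m", "uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]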