FROM python:3.11-slim

# Create non-root user
RUN useradd --create-home --shell /bin/bash app_user

# Set working directory
WORKDIR /app

# Environment variables
ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONPATH=/app
ENV STREAMLIT_SERVER_HEADLESS=true
ENV STREAMLIT_SERVER_PORT=7860
ENV STREAMLIT_SERVER_ADDRESS=0.0.0.0
ENV MPLCONFIGDIR=/tmp/matplotlib
ENV STREAMLIT_CONFIG_DIR=/tmp/.streamlit

# HUGGING FACE SPACES specific networking fixes
ENV MPLBACKEND=Agg
ENV HTTPX_HTTP2=false
ENV HTTPX_TIMEOUT=180
ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

# Install system dependencies
RUN apt-get update && apt-get install -y \
    gcc \
    g++ \
    curl \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/* \
    && apt-get clean

# Copy requirements and install
COPY requirements.txt .
RUN pip install --no-cache-dir --upgrade pip setuptools wheel && \
    pip install --no-cache-dir --timeout=600 -r requirements.txt

# Copy application files
COPY . .

# Create necessary directories and set permissions
RUN mkdir -p /tmp/.streamlit /tmp/matplotlib /app/temp && \
    chown -R app_user:app_user /app /tmp/.streamlit /tmp/matplotlib

# Switch to non-root user
USER app_user

# Expose port
EXPOSE 7860

# Run Streamlit
CMD ["streamlit", "run", "app.py", \
     "--server.port=7860", \
     "--server.address=0.0.0.0", \
     "--server.headless=true", \
     "--server.enableCORS=false", \
     "--server.enableXsrfProtection=false", \
     "--server.fileWatcherType=none", \
     "--browser.gatherUsageStats=false"]