# syntax=docker/dockerfile:1
#
# Stage 1: build wheels using full base image (with compilers)
FROM python:3.12-slim AS builder

WORKDIR /app

# Prevent unwanted cache and bytecode files
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1

# Install build dependencies
RUN apt-get update && \
    apt-get install -y --no-install-recommends gcc build-essential && \
    rm -rf /var/lib/apt/lists/*

# Install dependencies as wheels to avoid needing compilers in final stage
COPY requirements.txt .
RUN python3 -m pip install --no-cache-dir --upgrade pip && \
    pip wheel --no-cache-dir --no-deps --wheel-dir /app/wheels -r requirements.txt

# Stage 2: final runtime image
FROM python:3.12-slim AS runtime
WORKDIR /app

# Copy wheels and install runtime dependencies
COPY --from=builder /app/wheels /wheels
COPY requirements.txt .
RUN python3 -m pip install --no-cache-dir /wheels/*

# Copy application code
COPY . .

# Create cache directories with proper permissions (if needed)
RUN mkdir /.cache /.chroma && chmod 777 /.cache /.chroma

# Use non‑root user for better security
RUN useradd --no-log-init -r appuser && chown -R appuser /app /.cache /.chroma
USER appuser

EXPOSE 7860
CMD ["panel", "serve", "/app/app.py", "--address", "0.0.0.0", "--port", "7860", "--allow-websocket-origin", "*"]