# =========================
# CUDA + Python 3.10 base
# =========================
FROM nvidia/cuda:12.1.1-devel-ubuntu22.04

ENV DEBIAN_FRONTEND=noninteractive \
    PIP_DISABLE_PIP_VERSION_CHECK=1 \
    PIP_NO_CACHE_DIR=1 \
    HOME=/home/user \
    PYTHONUNBUFFERED=1

# System packages (include venv!)
RUN apt-get update && apt-get install -y --no-install-recommends \
      python3.10 python3.10-dev python3-pip python-is-python3 \
      python3.10-venv python3-venv \
      git curl ffmpeg libsm6 libxext6 bash \
  && rm -rf /var/lib/apt/lists/*

# Ensure latest pip for py3.10
RUN curl -sS https://bootstrap.pypa.io/get-pip.py | python3.10

# Create non-root user
RUN useradd -m -u 1000 user && \
    mkdir -p /home/user && chown -R user:user /home/user

# -----------------------------
# Runtime bootstrap (start.sh)
# -----------------------------
# Requires Space/Env at runtime:
#   Secret:   GIT_TOKEN
#   Variable: GIT_REPO  (e.g. chaous/render OR https://github.com/chaous/render.git)
#   Variable: GIT_REF   (optional, default "main")
#   Variable: GIT_SUBDIR (optional)
#   Variable: TARGET_ROOT (optional, default /home/user/app)
#   Variable: VENV_DIR    (optional, default /home/user/venv)
RUN printf '%s\n' \
'#!/usr/bin/env bash' \
'set -euo pipefail' \
'export GIT_TERMINAL_PROMPT=0' \
'' \
'PY=python3.10' \
'TARGET_ROOT="${TARGET_ROOT:-/home/user/app}"' \
'VENV_DIR="${VENV_DIR:-/home/user/venv}"' \
'REPO="${GIT_REPO:-}"' \
'REF="${GIT_REF:-main}"' \
'SUBDIR="${GIT_SUBDIR:-}"' \
'' \
'if [[ -z "${REPO}" || -z "${GIT_TOKEN:-}" ]]; then' \
'  echo "[error] GIT_REPO and GIT_TOKEN must be set." >&2; exit 1' \
'fi' \
'' \
'# Normalize to full HTTPS URL' \
'if [[ "${REPO}" == *"://"* ]]; then BASE_URL="${REPO}"; else BASE_URL="https://github.com/${REPO}.git"; fi' \
'' \
'# For GitHub: embed token to avoid prompts; for other hosts use header' \
'USE_HEADER=0' \
'if [[ "${BASE_URL}" == https://github.com/* ]]; then' \
'  AUTH_URL="${BASE_URL/https:\/\//https:\/\/x-access-token:${GIT_TOKEN}@}"' \
'else' \
'  AUTH_URL="${BASE_URL}"; USE_HEADER=1' \
'fi' \
'' \
'echo "[info] Cloning ${BASE_URL}@${REF} into ${TARGET_ROOT}..."' \
'rm -rf "${TARGET_ROOT}" "${VENV_DIR}"' \
'mkdir -p "${TARGET_ROOT}"' \
'if [[ "${USE_HEADER}" -eq 1 ]]; then' \
'  git -c http.extraHeader="Authorization: Bearer ${GIT_TOKEN}" clone --depth 1 --branch "${REF}" "${AUTH_URL}" "${TARGET_ROOT}"' \
'else' \
'  git clone --depth 1 --branch "${REF}" "${AUTH_URL}" "${TARGET_ROOT}"' \
'fi' \
'' \
'if [[ -n "${SUBDIR}" && -d "${TARGET_ROOT}/${SUBDIR}" ]]; then' \
'  cd "${TARGET_ROOT}/${SUBDIR}"' \
'else' \
'  cd "${TARGET_ROOT}"' \
'fi' \
'' \
'echo "[info] Creating venv at ${VENV_DIR}..."' \
'"${PY}" -m venv "${VENV_DIR}"' \
'source "${VENV_DIR}/bin/activate"' \
'python -m pip install --upgrade pip setuptools wheel' \
'' \
'# If requirements exist, install them (with CUDA 12.1 index if torch listed)' \
'if [[ -f requirements.txt ]]; then' \
'  if grep -qiE "^(torch|torchvision|torchaudio)" requirements.txt; then' \
'    echo "[info] Installing with PyTorch cu121 index..."' \
'    pip install --extra-index-url https://download.pytorch.org/whl/cu121 -r requirements.txt' \
'  else' \
'    pip install -r requirements.txt' \
'  fi' \
'fi' \
'' \
'APP_ENTRY="app.py"; [[ -f "gradio_app.py" ]] && APP_ENTRY="gradio_app.py"' \
'if [[ ! -f "${APP_ENTRY}" ]]; then echo "[error] No app.py or gradio_app.py found." >&2; ls -la; exit 1; fi' \
'' \
'echo "[info] Starting ${APP_ENTRY}..."' \
'exec "${VENV_DIR}/bin/python" "${APP_ENTRY}"' \
> /usr/local/bin/start.sh && chmod 755 /usr/local/bin/start.sh

# Runtime as non-root
USER user
ENV PATH="/home/user/.local/bin:${PATH}" \
    GRADIO_SERVER_NAME=0.0.0.0 \
    PORT=7860
WORKDIR /home/user

EXPOSE 7860
CMD ["/usr/local/bin/start.sh"]