FROM python:3.11-slim

WORKDIR /app

# Create a non-root user
RUN useradd -m -u 1000 streamlit

# Create directories with proper ownership
RUN mkdir -p /tmp/.streamlit /tmp/.config/matplotlib /app/uploads && \
    chown -R streamlit:streamlit /tmp/.streamlit /tmp/.config/matplotlib /app && \
    chmod -R 755 /tmp/.streamlit /tmp/.config/matplotlib /app

# Set environment variables
ENV HOME=/tmp
ENV STREAMLIT_CONFIG_DIR=/tmp/.streamlit
ENV MPLCONFIGDIR=/tmp/.config/matplotlib
ENV STREAMLIT_SERVER_MAX_UPLOAD_SIZE=200
ENV STREAMLIT_SERVER_ENABLE_CORS=false
ENV STREAMLIT_SERVER_ENABLE_XSRF_PROTECTION=false

# Install system dependencies
# RUN apt-get update && apt-get install -y \
#     build-essential \
#     curl \
#     software-properties-common \
#     git \
#     && rm -rf /var/lib/apt/lists/*

# Upgrade pip
RUN pip3 install --upgrade pip

# Copy and install Python dependencies
COPY requirements.txt ./requirements.txt
RUN pip3 install -r requirements.txt

# Copy source code
COPY src/ ./src/
RUN chown -R streamlit:streamlit /app

# Switch to non-root user
USER streamlit

EXPOSE 8501

HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health

# Create Streamlit config file
RUN echo '[server]\n\
maxUploadSize = 200\n\
enableCORS = false\n\
enableXsrfProtection = false\n\
\n\
[browser]\n\
gatherUsageStats = false\n\
\n\
[theme]\n\
base = "light"' > /tmp/.streamlit/config.toml

ENTRYPOINT ["streamlit", "run", "src/streamlit_app.py", \
           "--server.port=8501", \
           "--server.address=0.0.0.0"]