# Use the official lightweight Python image.
FROM python:3.9-slim

# Set the working directory to /app
WORKDIR /app

# Create a non-root user with an explicit UID
RUN adduser -u 1000 --disabled-password --gecos "" appuser && chown -R appuser /app
USER appuser

# CRITICAL FIX: Add the user's local bin directory to PATH so the shell can find 'uvicorn'
ENV PATH="/home/appuser/.local/bin:$PATH"

# Copy the requirements file
COPY --chown=appuser requirements.txt .

# Install the dependencies
# Note: As a non-root user, pip will default to --user install, putting files in ~/.local
RUN pip install --no-cache-dir --upgrade -r requirements.txt

# Copy the rest of the application code
COPY --chown=appuser . .

# Expose the port
EXPOSE 7860

# Command to run the application
# Using 'python -m uvicorn' is safer than just 'uvicorn' to ensure it uses the installed module
CMD ["python", "-m", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"]