FROM python:3.9

# Workdir for build steps
WORKDIR /code

# Install system dependencies (Run as ROOT)
# This ensures we have permission to install system packages
USER root
RUN apt-get update && apt-get install -y \
    ffmpeg \
    libsm6 \
    libxext6 \
    && rm -rf /var/lib/apt/lists/*

# Copy requirements file
COPY requirements.txt /code/requirements.txt

# Install Python dependencies globally (Run as ROOT)
# Installing as root avoids permission issues with /home/user/.local
RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt

# Create a non-root user (Required by Hugging Face Spaces)
RUN useradd -m -u 1000 user

# Switch to the non-root user for the application runtime
USER user
ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH

# Set working directory to the user's home/app
WORKDIR $HOME/app

# Copy the application code (Run as USER)
# We change ownership to the user so they can read/write if needed
COPY --chown=user . $HOME/app

# Download models (Run as USER)
# This ensures models are saved to /home/user/.u2net, which the app can read
RUN python download_models.py

# Expose the application port
EXPOSE 7860

# Command to run the application
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "7860"]