# 1. Base image
FROM python:3.11-slim

# 2. Env vars
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH

# 3. Create user
RUN useradd -m -u 1000 user

# 4. Workdir
WORKDIR $HOME/app

# 5. Dependencies
COPY --chown=user requirements.txt .
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir -r requirements.txt

# 6. Copy files
COPY --chown=user . .

# 7. PRE-BUILD LOCAL DATABASES ONLY
# 🛑 CHANGED: We removed 'rag/ingest_policies.py' from here.
# It will run automatically when app.py starts.
RUN python database/create_internal_db.py && \
    python database/create_government_db.py

# 8. Switch user
USER user

# 9. Port
EXPOSE 7860

# 10. Start
CMD ["python", "app.py"]