# HuggingFace Spaces — Dockerfile
# Docs: https://huggingface.co/docs/hub/spaces-sdks-docker
#
# Rules for HF Spaces:
#   - Must expose port 7860
#   - Must run as non-root user (uid 1000)
#   - No BuildKit cache mounts (HF builder doesn't support --mount)
#   - Secrets injected via Space Settings → Variables, not .env file

FROM python:3.10-slim

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1 \
    PIP_ROOT_USER_ACTION=ignore \
    PYTHONPATH=/app \
    GRADIO_MODE=true \
    GRADIO_SERVER_NAME=0.0.0.0 \
    GRADIO_SERVER_PORT=7860

WORKDIR /app

# System deps
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    git \
    && rm -rf /var/lib/apt/lists/*

# Install heavy ML packages first (longest layer)
RUN pip install --upgrade pip && \
    pip install \
        --extra-index-url https://download.pytorch.org/whl/cpu \
        torch \
        sentence-transformers \
        transformers \
        faiss-cpu

# Install remaining dependencies
COPY requirements.txt .
RUN pip install -r requirements.txt

# Copy source
COPY . .

# HuggingFace Spaces requires non-root user uid=1000
RUN useradd -m -u 1000 appuser && chown -R appuser:appuser /app
USER appuser

EXPOSE 7860

CMD ["python", "app/frontend/gradio_app_hf.py"]