FROM python:3.9-slim

WORKDIR /code

# Install system dependencies
RUN apt-get update && apt-get install -y \
    build-essential \
    git \
    && rm -rf /var/lib/apt/lists/*

# Create a non-root user
RUN useradd -m -u 1000 user && \
    chown -R user:user /code

# Set environment variables
ENV PYTHONUNBUFFERED=1
ENV TRANSFORMERS_CACHE=/tmp/transformers_cache
ENV TORCH_HOME=/tmp/torch_cache

# Create cache directories with proper permissions
RUN mkdir -p /tmp/transformers_cache /tmp/torch_cache && \
    chown -R user:user /tmp/transformers_cache /tmp/torch_cache && \
    chmod 777 /tmp/transformers_cache /tmp/torch_cache

# Copy requirements first
COPY --chown=user:user requirements.txt .

# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt

# Copy the rest of the application
COPY --chown=user:user . .

# Switch to non-root user
USER user

# Expose the port
EXPOSE 7860

# Run with single worker
CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860", "--workers", "1"]