# ---------------------------------------------------------------------
# Base image – use the full tag so `wget` is available for the steps
FROM python:3.9

# ---------------------------------------------------------------------
# 1. Create UID-1000 account *and its home directory*.
RUN useradd -m -u 1000 user

# Environment: declare the home dir now (some HF-injected commands
# look at $HOME) but stay root for the next layers.
ENV HOME=/home/user \
    PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1 \
    PATH="$HOME/.local/bin:$PATH"

# ---------------------------------------------------------------------
# 2. Install Python dependencies **as root** so the console scripts
#    land in /usr/local/bin (already on PATH at runtime).
WORKDIR /app
COPY requirements.txt /tmp/reqs.txt
RUN pip install --no-cache-dir -r /tmp/reqs.txt \
 && rm /tmp/reqs.txt

# ---------------------------------------------------------------------
# 3. Switch to the non-root user for the final image,
#    then copy the source tree.
USER user
WORKDIR $HOME/app
COPY --chown=user . .

# ---------------------------------------------------------------------
# 4. Launch: $PORT is set by the platform at runtime; fall back to 8501
#    for local docker runs.
CMD streamlit run app.py \
    --server.port=${PORT:-8501} \
    --server.headless true \
    --server.address 0.0.0.0