# 1. Use Python 3.11 Slim Bookworm (Lightweight & Stable)
FROM python:3.11-slim-bookworm

# 2. Set working directory
WORKDIR /app

# 3. Create a non-root user (Critical for HF Spaces security permissions)
# We use ID 1000 which matches the standard HF user
RUN useradd -m -u 1000 user

# 4. Install system dependencies if needed (optional, keeping it slim)
# RUN apt-get update && apt-get install -y --no-install-recommends ...

# 5. Copy requirements first (Docker caching optimization)
COPY requirements.txt .

# 6. Install Python dependencies
RUN pip install --no-cache-dir --upgrade -r requirements.txt

# 7. Copy the rest of the application
COPY --chown=user . .

# 8. Create a local data directory & set permissions (For fallback/init)
RUN mkdir -p /app/data && chown -R user:user /app/data

# 9. Switch to the non-root user
USER user

# 10. Set environment variables
ENV PYTHONUNBUFFERED=1 \
    HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH

# 11. Expose the standard Hugging Face port
EXPOSE 7860

# 12. Start the application
# NOTE: We force port 7860 here, overriding the 8000 in your app.py
CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]