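# Container image for a Panel app served from app.py on port 7860.
# Build steps run as root; the final process runs as the unprivileged "appuser".

# Use a lightweight Python base image.
# NOTE(review): the tag is mutable; pin it by digest if builds must be reproducible.
FROM python:3.11-slim

# Prevent .pyc files and ensure stdout/stderr are unbuffered
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1

# Set working directory inside the container (created root-owned if missing)
WORKDIR /app

# Create a non-root system user and group for the runtime process
RUN addgroup --system appgroup \
    && adduser --system --ingroup appgroup appuser

# Install system-level dependencies: a compiler toolchain for building wheels,
# the libgl1 runtime library, and curl. The apt lists are removed in the same
# layer so they do not persist in the image.
# NOTE(review): build-essential and curl remain in the runtime image; if they
# are only needed while installing requirements, a multi-stage build would keep
# them out of the final image.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        curl \
        libgl1 \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Copy the dependency manifest on its own so the install layer stays cached
# until requirements.txt changes.
COPY --chown=appuser:appgroup requirements.txt .

# --no-cache-dir on both pip calls keeps pip's download cache out of the layer
# (the original pip self-upgrade omitted it).
# NOTE(review): whether requirements.txt pins exact versions is not visible here.
RUN pip install --no-cache-dir --upgrade pip \
    && pip install --no-cache-dir -r requirements.txt

# Copy the full app code.
# NOTE(review): this copies the whole build context; make sure .dockerignore
# excludes .git, .env and other local secrets (not visible from this file).
COPY --chown=appuser:appgroup . .

# Create the directories the app writes to and hand them, together with /app,
# to the runtime user. mkdir runs as root, so without the chown these paths
# would not be writable by appuser.
# presumably /.cache is a library cache location and /app/.chroma a local data
# store; confirm against the application code
RUN mkdir -p /.cache /app/.chroma \
    && chown -R appuser:appgroup /.cache /app

# Drop privileges: everything from here on, including the app, runs as appuser
USER appuser

# Documents the port the server listens on (does not publish it)
EXPOSE 7860

# Launch the app (exec form, so the server is PID 1 and receives stop signals).
# --address 0.0.0.0 is needed for the port to be reachable from outside the container.
# NOTE(review): --allow-websocket-origin "*" turns off the server's websocket
# origin check, so it accepts connections initiated from pages on any site.
# Where the serving hostname is known, list it explicitly instead of "*".
CMD ["panel", "serve", "app.py", "--address", "0.0.0.0", "--port", "7860", "--allow-websocket-origin", "*"]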