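# Streamlit application image. The path choices below follow the original
# notes, which target Hugging Face Spaces, where /data is the only writable
# volume.
# For reproducible builds, consider pinning the base image by digest as well
# as by tag.
FROM python:3.12-slim

# Interpreter, pip and Streamlit behaviour. HOME is set to /app so that
# per-user files (such as the Streamlit config dir) resolve under /app.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1 \
    STREAMLIT_BROWSER_GATHER_USAGE_STATS=false \
    HOME=/app

# Send uploads and temp files to /data, the writable location.
ENV UPLOAD_DIR=/data/uploads \
    TMPDIR=/data/tmp

WORKDIR /app

# System packages. curl is used by the HEALTHCHECK below. build-essential and
# git also stay in the runtime image; if requirements.txt needs them only while
# installing, a separate build stage would keep compilers and git out of the
# image that actually serves traffic.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        build-essential \
        curl \
        git \
    && rm -rf /var/lib/apt/lists/*

# Dependencies are installed before the source is copied so this layer is
# reused while requirements.txt is unchanged. Neither pip nor the packages are
# version-pinned here; pin them (ideally with hashes) in requirements.txt for
# reproducible, tamper-evident installs.
COPY requirements.txt .
RUN pip install --upgrade pip \
    && pip install --no-cache-dir -r requirements.txt

# App source stays root-owned: the runtime user can read it but not modify it.
COPY src/ ./src/

# Unprivileged runtime identity. 1000 is the UID Hugging Face Spaces is
# documented to run Docker containers as (confirm for your target platform);
# override with --build-arg on platforms that use a different UID instead of
# falling back to world-writable directories.
ARG APP_UID=1000
ARG APP_GID=1000

# Create the account and the writable directories in one layer, owned by the
# runtime user with mode 0750 rather than the previous world-writable 777.
# /app itself is handed to the user (non-recursively) because HOME points there.
# NOTE(review): a volume mounted over /data at runtime brings its own ownership
# and mode; confirm the platform mounts it writable for APP_UID.
RUN groupadd --gid "${APP_GID}" appuser \
    && useradd --uid "${APP_UID}" --gid "${APP_GID}" \
        --home-dir /app --no-create-home --shell /usr/sbin/nologin appuser \
    && install -d -o "${APP_UID}" -g "${APP_GID}" -m 0750 \
        /app/.streamlit \
        /data \
        /data/uploads \
        /data/tmp \
    && chown "${APP_UID}:${APP_GID}" /app

# Drop root for everything that runs in the container, including the
# healthcheck. The numeric form lets runtimes verify the user is non-root.
USER ${APP_UID}:${APP_GID}

# Streamlit's port (documentation only; publishing is done by the runtime).
EXPOSE 8501

# Liveness probe against Streamlit's built-in health endpoint.
HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health || exit 1

ENTRYPOINT ["streamlit", "run", "src/streamlit_app.py"]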