FROM python:3.10-slim-bullseye

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1 \
    PATH="/home/user/.local/bin:${PATH}" \
    MPLCONFIGDIR="/home/user/.config/matplotlib" \
    HF_HOME="/home/user/.cache/huggingface" \
    SENTENCE_TRANSFORMERS_HOME="/home/user/.cache/sentencetransformers" \
    GRADIO_SERVER_NAME="0.0.0.0" \
    GRADIO_SERVER_PORT="7860"

# System deps for plotting, ffmpeg, etc.
RUN apt-get update && apt-get install -y --no-install-recommends \
    git git-lfs ffmpeg \
    libglib2.0-0 libsm6 libxext6 libxrender1 libgl1 \
    fonts-dejavu-core \
 && rm -rf /var/lib/apt/lists/* \
 && git lfs install

# Non-root user so pip installs land in /home/user/.local
RUN useradd -m -u 1000 user
USER user
WORKDIR /home/user/app

# Pre-create writable caches
RUN mkdir -p /home/user/.config/matplotlib \
             /home/user/.cache/huggingface/hub \
             /home/user/.cache/sentencetransformers \
             /home/user/.cache/pip

COPY --chown=user:user requirements.txt ./requirements.txt
RUN python -m pip install --upgrade pip && pip install --no-cache-dir -r requirements.txt

COPY --chown=user:user . .

EXPOSE 7860
CMD ["python", "app.py"]