FROM python:3.11-slim

# HF Spaces runs containers as uid 1000 — ensure ownership
RUN useradd -m -u 1000 appuser

WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY . .

# Create /data and give appuser ownership so the persistent mount is writable.
# On HF Spaces the mount overlays /data at runtime — this ensures the fallback works too.
RUN mkdir -p /data/audio && chown -R 1000:1000 /data

ENV DATA_DIR=/data
EXPOSE 7860

USER 1000
CMD ["python", "app.py"]