FROM python:3.9

# Switch to root for system installations
USER root

# Install dependencies
RUN apt-get update && apt-get install -y \
    git \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user
RUN useradd -m -u 1000 user

ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH \
    PORT=7860

# Clone repository as root
RUN --mount=type=secret,id=Access_key,mode=0444,required=true \
    git clone $(cat /run/secrets/Access_key) $HOME/app 

# Ensure non-root user has ownership of the cloned files
RUN chown -R user:user $HOME/app

# Set working directory
WORKDIR $HOME/app

# Create necessary directories with correct permissions
RUN mkdir -p uploads temp && \
    chown -R user:user uploads temp

# Switch to non-root user
USER user

# Install Python dependencies
RUN pip install --no-cache-dir --upgrade -r requirements.txt

# Expose port 7860
EXPOSE 7860

# Start the application
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"]