FROM node:20-alpine AS frontend-build

WORKDIR /frontend
COPY frontend/package.json frontend/package-lock.json* ./
RUN npm ci
COPY frontend/ .
RUN npm run build

FROM python:3.11-slim

WORKDIR /app

# Create non-root user (required by HF Spaces)
RUN useradd -m -u 1000 appuser

RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    && rm -rf /var/lib/apt/lists/*

COPY backend/requirements.txt .

# Install CPU-only torch first (much smaller), skip problematic deps
RUN pip install --no-cache-dir torch --index-url https://download.pytorch.org/whl/cpu && \
    pip install --no-cache-dir \
    $(grep -v '^#' requirements.txt | grep -v '^$' | grep -v '^torch==' | grep -v 'pycld3' | grep -v 'weasyprint' | tr '\n' ' ') && \
    pip install --no-cache-dir reportlab

COPY backend/ .

# Copy frontend build into backend static dir
COPY --from=frontend-build /frontend/dist /app/static

# Copy demo data
COPY demo_data/ /app/demo_data/

RUN mkdir -p uploads model_cache data && \
    chown -R appuser:appuser /app

ENV PORT=7860
ENV APP_ENV=demo
ENV LOG_LEVEL=INFO
ENV TRANSFORMERS_CACHE=/app/model_cache
ENV SENTENCE_TRANSFORMERS_HOME=/app/model_cache
ENV HF_HOME=/app/model_cache

USER appuser

EXPOSE 7860

CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "7860", "--workers", "1"]