FROM python:3.12-slim

WORKDIR /app

# Install dependencies (cached layer)
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Create non-root user (UID 1000 — HF Spaces default)
RUN useradd -m -u 1000 -s /bin/bash appuser

# Copy source
COPY src/ src/
COPY data/seed_papers.json data/seed_papers.json
COPY data/demo-data.json data/demo-data.json
COPY data/demo-config.yaml data/demo-config.yaml
COPY entrypoint.sh .
RUN chmod +x entrypoint.sh

# Create data directories with correct ownership
# /app/data for local Docker Compose, /data for HF Spaces persistent storage
RUN mkdir -p data/weeks /data && chown -R appuser:appuser /app /data

USER appuser

# Default port for HF Spaces; docker-compose overrides to 8888 via PORT env var
ENV PORT=7860
EXPOSE 7860

HEALTHCHECK --interval=30s --timeout=10s --retries=3 --start-period=15s \
    CMD python -c "import os; import urllib.request; urllib.request.urlopen(f'http://localhost:{os.environ.get(\"PORT\", 7860)}/api/status')"

ENTRYPOINT ["./entrypoint.sh"]