# Use an official Python runtime as a parent image
FROM python:3.9-slim

# Create a non-root user and a writable cache directory
RUN useradd -m -u 1000 user \
 && mkdir -p /home/user/cache \
 && chmod -R 777 /home/user/cache

# Switch to non-root
USER user
ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH \
    HF_HOME=/home/user/cache \
    HF_HUB_CACHE=/home/user/cache/hub \
    TRANSFORMERS_CACHE=/home/user/cache

# Set working directory
WORKDIR /home/user/app

# Copy and install your exact requirements
COPY --chown=user:user requirements.txt ./
RUN pip install --no-cache-dir --upgrade -r requirements.txt

# Copy application code
COPY --chown=user:user app ./app

# Expose the port and run
EXPOSE 7860
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "7860"]