FROM python:3.9-slim

WORKDIR /app

# Install system dependencies as root
RUN apt-get update && apt-get install -y \
    build-essential \
    curl \
    software-properties-common \
    git \
    && rm -rf /var/lib/apt/lists/*

# Copy and install python requirements as root
COPY requirements.txt ./
RUN pip3 install -r requirements.txt

# Copy application code
COPY src/ ./src/

# Create a non-root user and its home directory, then change ownership of the app directory.
# The -m flag is crucial as it creates the home directory (/home/appuser),
# allowing Streamlit to create its /.streamlit directory there instead of in the root.
RUN useradd -ms /bin/bash appuser && chown -R appuser:appuser /app

# Switch to the non-root user
USER appuser

EXPOSE 8501

HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health

# This command will now be executed by 'appuser'
ENTRYPOINT ["streamlit", "run", "src/streamlit_app.py", "--server.port=8501", "--server.address=0.0.0.0"]