FROM python:3.9-slim

# Set environment variables
# PYTHONUNBUFFERED=1 ensures logs are visible in real-time
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH

# Install curl and clean up
RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*

# Set up a new user named "user" with user ID 1000
RUN useradd -m -u 1000 user

# Switch to the "user" user
USER user

# Set the working directory to the user's home directory
WORKDIR $HOME/app

# Copy requirements.txt first to leverage Docker cache
COPY --chown=user requirements.txt $HOME/app/requirements.txt

# Install requirements
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir --upgrade -r requirements.txt

# Copy the rest of the application
COPY --chown=user . $HOME/app

# Create the webfonts directory and download fonts
# Added --retry and --connect-timeout for robustness to prevent build hangs
# Use user's home directory explicitly to avoid permission issues
RUN mkdir -p $HOME/app/static/webfonts && \
    chmod 755 $HOME/app/static && \
    chmod 755 $HOME/app/static/webfonts && \
    curl -fLo $HOME/app/static/webfonts/fa-solid-900.woff2 --connect-timeout 20 --retry 3 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2 && \
    curl -fLo $HOME/app/static/webfonts/fa-solid-900.ttf --connect-timeout 20 --retry 3 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.ttf && \
    curl -fLo $HOME/app/static/webfonts/fa-regular-400.woff2 --connect-timeout 20 --retry 3 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-regular-400.woff2 && \
    curl -fLo $HOME/app/static/webfonts/fa-regular-400.ttf --connect-timeout 20 --retry 3 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-regular-400.ttf && \
    chmod 644 $HOME/app/static/webfonts/*

# Expose port 7860
EXPOSE 7860

# Command to run the application with verbose logging
# Using gunicorn for production stability and removing development server warnings
CMD ["gunicorn", "-b", "0.0.0.0:7860", "--access-logfile", "-", "--error-logfile", "-", "--log-level", "info", "--timeout", "120", "--workers", "2", "app:app"]