# Step 1: Use a stable Python base
FROM python:3.11-slim-bullseye

# Step 2: Set environment variables for Python and Hugging Face
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
ENV DEBIAN_FRONTEND=noninteractive
ENV HOME=/home/user
ENV PATH="/home/user/.local/bin:$PATH"

# Step 3: Install Chrome and all system dependencies for Selenium/Undetected Chromedriver
RUN apt-get update && apt-get install -y --no-install-recommends \
    wget \
    gnupg \
    curl \
    unzip \
    libgconf-2-4 \
    libnss3 \
    libxss1 \
    libasound2 \
    libxtst6 \
    libgtk-3-0 \
    libgbm1 \
    fonts-liberation \
    xdg-utils \
    && wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
    && echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list \
    && apt-get update && apt-get install -y google-chrome-stable \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Step 4: Create the mandatory Hugging Face user (UID 1000)
RUN useradd -m -u 1000 user
WORKDIR /home/user/app

# Step 5: Install Python dependencies as the non-root user
# We copy requirements first to leverage Docker layer caching
COPY --chown=user:user requirements.txt .
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir -r requirements.txt

# Step 6: Copy the rest of the application code
COPY --chown=user:user . .

# Step 7: Create and set permissions for the Transformers/Embeddings cache
ENV HF_HOME=/home/user/app/.cache
RUN mkdir -p /home/user/app/.cache && chown -R user:user /home/user/app/.cache

# Step 8: Switch to the non-root user
USER user

# Step 9: Expose the mandatory Hugging Face Port
EXPOSE 7860

# Step 10: Launch using Gunicorn
# Bind to 7860 as required by HF Spaces
CMD ["gunicorn", "--bind", "0.0.0.0:7860", "--workers", "1", "--timeout", "200", "run:app"]