FROM stephengpope/no-code-architects-toolkit:latest

# Set non-sensitive environment variables
ENV MAX_QUEUE_LENGTH=10 \
    GUNICORN_WORKERS=4 \
    GUNICORN_TIMEOUT=300

# Load secrets from Hugging Face Secrets using Docker mounts
RUN --mount=type=secret,id=API_KEY,required=true \
    export API_KEY=$(cat /run/secrets/API_KEY)
RUN --mount=type=secret,id=S3_ENDPOINT_URL,required=true \
    export S3_ENDPOINT_URL=$(cat /run/secrets/S3_ENDPOINT_URL)
RUN --mount=type=secret,id=S3_ACCESS_KEY,required=true \
    export S3_ACCESS_KEY=$(cat /run/secrets/S3_ACCESS_KEY)
RUN --mount=type=secret,id=S3_SECRET_KEY,required=true \
    export S3_SECRET_KEY=$(cat /run/secrets/S3_SECRET_KEY)
RUN --mount=type=secret,id=S3_BUCKET_NAME,required=true \
    export S3_BUCKET_NAME=$(cat /run/secrets/S3_BUCKET_NAME)
RUN --mount=type=secret,id=S3_REGION,required=true \
    export S3_REGION=$(cat /run/secrets/S3_REGION)


# Install Python dependencies
COPY requirements.txt .
RUN pip install --upgrade pip
RUN pip install --no-cache-dir -r requirements.txt

# Copy project
COPY . .

# Re-export as ENV so the Python app can access them
ENV API_KEY=$API_KEY \
    S3_ENDPOINT_URL=$S3_ENDPOINT_URL \
    S3_ACCESS_KEY=$S3_ACCESS_KEY \
    S3_SECRET_KEY=$S3_SECRET_KEY \
    S3_BUCKET_NAME=$S3_BUCKET_NAME \
    S3_REGION=$S3_REGION

EXPOSE 8080

CMD ["python", "app.py"]