FROM python:3.9-slim

# Install git and clean up in the same layer to keep the image size down
RUN apt-get update && \
    apt-get install -y git curl && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Clone private repository using mounted secret
RUN --mount=type=secret,id=GITHUB_TOKEN,required=true \
    git clone https://x-access-token:$(cat /run/secrets/GITHUB_TOKEN)@github.com/leoncool23/AIhfbackend.git . \
    && rm -rf .git

# Create necessary directories and give them open permissions
# This is a robust way to handle permissions in containerized environments.
RUN mkdir -p /app/instance/sessions && \
    chmod -R 777 /app/instance

# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt

# Create a script to run the application
# Use 'set -e' to exit immediately if a command fails.
RUN echo '#!/bin/bash\n\
set -e\n\
echo "===== Application Startup at $(date) ====="\n\
echo "Initializing database..."\n\
python3 -c "from app import init_db; init_db()"\n\
echo "Database initialized successfully."\n\
echo "Starting Gunicorn server..."\n\
exec gunicorn \
    --config /app/gunicorn.conf.py \
    app:app' > /app/start.sh && \
    chmod +x /app/start.sh

# Environment variables
ENV FLASK_APP=app.py
ENV FLASK_ENV=production
ENV HOST=0.0.0.0
ENV PORT=7860
ENV PYTHONUNBUFFERED=1
ENV DIFY_API_KEY=${DIFY_API_KEY}
ENV DIFY_API_URL=${DIFY_API_URL}
ENV DIFY_APP_ID=${DIFY_APP_ID}

# Create gunicorn config file
RUN echo 'bind = "0.0.0.0:7860"\n\
workers = 1\n\
#worker_class = "gevent"\n\
worker_class = "gthread"\n\
threads = 4\n\
loglevel = "info"\n\
accesslog = "-"\n\
errorlog = "-"\n\
preload_app = True' > /app/gunicorn.conf.py

# Switch to non-root user for security
USER nobody

# Expose the port and start the application
EXPOSE 7860
CMD ["/app/start.sh"]