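# Official Python 3.10 slim image.
# NOTE(review): the tag is mutable; pin it by digest (python:3.10-slim@sha256:<digest>)
# if the build must be reproducible.
FROM python:3.10-slim

# --- 1. Install system dependencies ---
# NOTE(review): git and build-essential stay in the runtime image; moving the clone and
# the pip install into a separate build stage would keep them out of it.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        git \
        libgomp1 \
    && rm -rf /var/lib/apt/lists/*

# --- 2. Key step: clone the private repository ---
WORKDIR /src
# The build secrets must be named GH_USER and GH_TOKEN.
# The credentials are handed to git through a one-shot credential helper rather than
# embedded in the clone URL. A URL of the form https://user:token@host/... is written
# verbatim to .git/config (remote.origin.url), so the token would persist in this image
# layer and be readable by anyone who can pull the image. `git -c` applies only to this
# invocation and is not saved into the cloned repository's config; the helper reads the
# secret files, which exist only while this RUN executes.
RUN --mount=type=secret,id=GH_USER \
    --mount=type=secret,id=GH_TOKEN \
    git -c credential.helper='!f() { echo "username=$(cat /run/secrets/GH_USER)"; echo "password=$(cat /run/secrets/GH_TOKEN)"; }; f' \
        clone https://github.com/leoncool23/tcm_expert_builder.git

# --- 3. Switch to the cloned project directory ---
WORKDIR /src/tcm_expert_builder

# --- 4. Set up the Python environment ---
# This copies requirements.txt from the build context on top of the checkout, so the
# build-context copy is the one that gets installed. Keep it in sync with the repository.
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# --- 5. Configure the NLTK and ChromaDB environment ---
# (a) NLTK data path, and (c) disable ChromaDB telemetry to avoid a startup error.
ENV NLTK_DATA=/usr/local/share/nltk_data \
    ANONYMIZED_TELEMETRY=False

# (b) Create the data directory and download the NLTK models into it.
# NOTE(review): the models are fetched at build time without a checksum; vendor or
# verify them if the image's contents must be auditable.
RUN mkdir -p "$NLTK_DATA" \
    && python -m nltk.downloader -d "$NLTK_DATA" \
        punkt \
        averaged_perceptron_tagger \
        maxent_ne_chunker \
        words

# --- 6. Create the application directories and set ownership ---
# The clone and the directories are created as root, so the whole working tree is handed
# to the unprivileged user before dropping privileges. data/vector_db is created here as
# well so it ends up owned by appuser.
RUN useradd --create-home --shell /bin/bash appuser \
    && mkdir -p ./uploads ./data/vector_db \
    && chown -R appuser:appuser .

USER appuser

# --- 7. Run the application ---
EXPOSE 7860
CMD ["gunicorn", "--workers", "1", "--bind", "0.0.0.0:7860", "app:app"]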