FROM python:3.11-slim

WORKDIR /app

RUN apt-get update && apt-get install -y \
    libgl1 \
    libglib2.0-0 \
    libsm6 \
    libxrender1 \
    libxext6 \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Install CPU-only PyTorch first (smaller image)
RUN pip install --no-cache-dir torch torchvision --index-url https://download.pytorch.org/whl/cpu

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY . .

# Create user and give ownership of /app and writable dirs
RUN useradd -m -u 1000 user && \
    chown -R user:user /app && \
    mkdir -p /home/user/.streamlit && \
    chown -R user:user /home/user/.streamlit && \
    mkdir -p /tmp/streamlit-uploads && \
    chmod 777 /tmp/streamlit-uploads

# Copy streamlit config
COPY --chown=user:user .streamlit/config.toml /home/user/.streamlit/config.toml

ENV HOME=/home/user
ENV STREAMLIT_SERVER_FILE_WATCHER_TYPE=none
ENV STREAMLIT_SERVER_ENABLE_XSRF_PROTECTION=false
ENV STREAMLIT_SERVER_ENABLE_CORS=false
ENV STREAMLIT_SERVER_MAX_UPLOAD_SIZE=50
ENV STREAMLIT_BROWSER_GATHER_USAGE_STATS=false

USER user

EXPOSE 7860

HEALTHCHECK CMD curl --fail http://localhost:7860/_stcore/health || exit 1

ENTRYPOINT ["streamlit", "run", "src/app/app.py", "--server.port=7860", "--server.address=0.0.0.0", "--server.headless=true"]