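# Image for a Python app (app.py) that listens on port 7860 and keeps its
# Hugging Face caches under /app/hf_cache. The process runs as the
# unprivileged user "appuser" (UID 1000).

# NOTE(review): the tag below is mutable. For reproducible builds and
# supply-chain integrity, pin the digest of an image you have verified:
#   FROM python:3.10-slim@sha256:<digest-of-verified-image>
FROM python:3.10-slim

WORKDIR /app

# System dependencies, including the C/C++ toolchain for PyTorch compilation.
# --no-install-recommends keeps optional packages out of the image; list any
# extra package the app turns out to need explicitly.
# NOTE(review): compilers, git and download tools in the runtime image widen
# its attack surface. If compilation only happens at build time, move the
# toolchain to a builder stage - confirm against how app.py uses it.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        curl \
        g++ \
        gcc \
        git \
        tar \
        wget \
    && rm -rf /var/lib/apt/lists/*

# Create the runtime account and the cache directory in one layer.
# useradd -m already creates /home/appuser owned by the new user, so no
# separate mkdir/chown of the home directory is needed.
# NOTE(review): all of /app, including app.py, ends up owned by the runtime
# user, so the process can rewrite its own code. If only the cache must be
# writable, keep /app root-owned and chown just /app/hf_cache - confirm the
# app does not write elsewhere under /app first.
RUN useradd -m -u 1000 appuser && \
    mkdir -p /app/hf_cache && \
    chown -R appuser:appuser /app

# Copy the dependency manifest on its own so the pip layer stays cached until
# requirements.txt changes. --chown replaces a later recursive chown layer.
COPY --chown=appuser:appuser requirements.txt .

# Installed as root: packages are readable by appuser but not writable by it.
# NOTE(review): if requirements.txt carries pinned versions with hashes, add
# --require-hashes so pip rejects anything that does not match.
RUN pip install --no-cache-dir -r requirements.txt

# Copy application
COPY --chown=appuser:appuser app.py .

# Everything that needs root is done; drop privileges for the remaining build
# step and for the running container.
USER appuser

# Git identity for the non-root user; --global writes to appuser's own home,
# which is why this runs after the USER switch.
RUN git config --global user.email "appuser@docker.local" && \
    git config --global user.name "Docker App User"

# Runtime settings for OpenMP, CUDA memory and model caching.
# OMP_NUM_THREADS must be a bare positive integer: libgomp rejects a quoted or
# empty value. All three Hugging Face cache variables point at the directory
# owned by appuser.
ENV OMP_NUM_THREADS=1 \
    PYTORCH_CUDA_ALLOC_CONF=expandable_segments:True \
    CUDA_LAUNCH_BLOCKING=0 \
    HF_HOME=/app/hf_cache \
    HUGGINGFACE_HUB_CACHE=/app/hf_cache \
    TRANSFORMERS_CACHE=/app/hf_cache

# Documentation only; the port still has to be published at run time.
EXPOSE 7860

# Health check - the long start period leaves time for model loading.
HEALTHCHECK --interval=60s --timeout=45s --start-period=300s --retries=5 \
    CMD curl -f http://localhost:7860/health || exit 1

# Run application as non-root user (exec form, so python receives signals).
CMD ["python", "app.py"]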