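# Base image with Python.
# NOTE(review): the tag is mutable. Pinning by digest
# (python:3.10-slim@sha256:<DIGEST_PLACEHOLDER>) makes rebuilds reproducible
# and guards against a silently replaced upstream image.
FROM python:3.10-slim

# Do not write .pyc files, and keep stdout/stderr unbuffered so logs appear
# immediately in `docker logs`.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1

# Working directory inside the container (created root-owned by WORKDIR).
WORKDIR /project

# System dependencies for Playwright/Chromium plus general tools.
# The package list is kept exactly as in the known-working version.
# NOTE(review): build-essential, git, wget and gnupg remain in the runtime
# image. If they are only needed to build wheels, a multi-stage build would
# keep them out of the final image -- confirm before removing.
RUN apt-get update && apt-get install -y \
    build-essential \
    wget \
    gnupg \
    ca-certificates \
    fonts-liberation \
    libasound2 \
    libatk-bridge2.0-0 \
    libatk1.0-0 \
    libatspi2.0-0 \
    libcups2 \
    libdbus-1-3 \
    libdrm2 \
    libgtk-3-0 \
    libnspr4 \
    libnss3 \
    libxcomposite1 \
    libxdamage1 \
    libxfixes3 \
    libxrandr2 \
    libxss1 \
    libxtst6 \
    libgbm1 \
    libxkbcommon0 \
    libxcursor1 \
    libxi6 \
    xvfb \
    curl \
    git \
    && rm -rf /var/lib/apt/lists/*

# Create the unprivileged runtime user before anything is installed, so that
# Python packages and browsers are installed by (and owned by) that user.
RUN useradd --create-home --shell /bin/bash app

# Copy requirements first so the dependency layers stay cached until
# requirements.txt itself changes. --chown replaces the separate
# `RUN chown app:app requirements.txt` layer.
COPY --chown=app:app requirements.txt .

# All installations below run as the unprivileged user.
USER app

# Location of the Playwright browser binaries for the app user.
ENV PLAYWRIGHT_BROWSERS_PATH=/home/app/.cache/ms-playwright

# Install Python dependencies as the app user.
# NOTE(review): pip/setuptools/wheel are upgraded to whatever is latest at
# build time, and nothing visible here enforces hashes for requirements.txt.
# Pinned versions (and pip's --require-hashes mode) would make the dependency
# set reproducible -- confirm against the project's requirements.txt.
RUN pip install --no-cache-dir --upgrade pip setuptools wheel
RUN pip install --no-cache-dir -r requirements.txt

# Install the Chromium build used by Playwright. `python -m` is used because
# the user-level bin directory is not on PATH at this point in the build.
RUN python -m playwright install chromium

# Back to root to create directories and copy the project.
USER root

# Directories for artifacts, logs and temporary data, created in one layer.
# They are created as root here; modes and ownership are adjusted later in
# the file.
RUN mkdir -p /tmp/omirl_data /project/artifacts /project/logs

# Copy the project into the image, owned by the app user.
# NOTE(review): everything in the build context ends up in this layer. A
# .dockerignore should exclude .env files, .git, local artifacts and logs so
# that credentials and history are not baked into the image.
COPY --chown=app:app . .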
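# Set modes on the data directories and hand the project tree to the app user.
# /tmp/omirl_data lives outside /project, so the recursive chown does not
# reach it. Without its own chown it stays root-owned with mode 755 and the
# runtime user cannot write to it (presumably the app writes scratch data
# there -- confirm).
RUN chmod 755 /tmp/omirl_data /project/artifacts \
    && chown app:app /tmp/omirl_data \
    && chown -R app:app /project
# NOTE(review): app owns all of /project, so the runtime user can also modify
# the application code. Root-owned code with only artifacts/ and logs/
# writable would be tighter -- confirm the app writes nowhere else first.

# Playwright runs headless inside the container.
ENV PLAYWRIGHT_HEADLESS=true

# Make the project root importable.
ENV PYTHONPATH=/project

# LLM router configuration. Only the feature switch and the provider name are
# set here. No provider credentials appear in this file; supply them at
# container start (environment or mounted secret), not via ENV in the image.
ENV LLM_ROUTER_ENABLED=true
ENV DEFAULT_LLM_PROVIDER=gemini

# Drop privileges for runtime.
USER app

# Console scripts installed by the user-level pip install (e.g. streamlit)
# live in the app user's local bin directory.
ENV PATH="/home/app/.local/bin:$PATH"

# Health check, left disabled. curl is installed system-wide by the apt layer
# earlier in this file, so it is usable by the app user.
# NOTE(review): confirm the health endpoint path for the installed Streamlit
# version before enabling.
# HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
#   CMD curl -f http://localhost:7860/_stcore/health || exit 1

# Port Streamlit listens on. EXPOSE is documentation only; the port is
# reachable from outside only if it is published when the container starts.
EXPOSE 7860

# Run the Streamlit app. Binding to 0.0.0.0 makes it reachable on every
# container interface, so limit exposure through the publish mapping or the
# network in front of the container.
CMD ["streamlit", "run", "app/main.py", "--server.port=7860", "--server.address=0.0.0.0"]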