FROM python:3.10-slim

# Set environment variables
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
ENV HOME=/app 
ENV PADDLEOCR_HOME=/app/.paddleocr

WORKDIR /app

# Create writable OCR model directory and non-root user
RUN mkdir -p /app/.paddleocr && \
    adduser --disabled-password --gecos '' appuser && \
    chown -R appuser:appuser /app

# Install system dependencies (updated for Trixie)
RUN apt-get update && apt-get install -y --no-install-recommends \
    libgl1 \
    libglib2.0-0 \
    libsm6 \
    libxext6 \
    libxrender-dev \
    libgomp1 \
    poppler-utils \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Install Python dependencies
COPY requirements.txt .
RUN pip install --upgrade pip && pip install --no-cache-dir -r requirements.txt

# Copy project files
COPY . .

# Switch to non-root user
USER appuser

# Expose FastAPI port
EXPOSE 7860

# Start the app
CMD ["python", "app.py"]