FROM python:3.9-slim

# --- System setup ---
RUN apt-get update && apt-get install -y \
    build-essential \
    curl \
    git \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user with user ID 1000
RUN useradd -m -u 1000 user

# Set ENV vars for common cache locations to avoid permission issues
ENV HOME=/home/user \
    XDG_CACHE_HOME=/home/user/.cache \
    HF_HOME=/home/user/.cache \
    TRANSFORMERS_CACHE=/home/user/.cache \
    PATH=/home/user/.local/bin:$PATH

# Set working directory
WORKDIR $HOME/app

# Copy files with correct ownership
COPY --chown=user:user requirements.txt ./requirements.txt
RUN pip install --no-cache-dir -r requirements.txt

COPY --chown=user:user ./src ./src

# Use non-root user from now on
USER user

EXPOSE 8501

HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health

ENTRYPOINT ["streamlit", "run", "src/app.py", "--server.port=8501", "--server.address=0.0.0.0"]