FROM python:3.10-slim

WORKDIR /app

# Copy requirements first
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy app files
COPY . .

# Create non-root user with home directory
RUN useradd -m -u 1000 user

# Create matplotlib config directory and set permissions
RUN mkdir -p /app/.config/matplotlib && \
    mkdir -p /app/.cache && \
    chown -R user:user /app

# Switch to non-root user
USER user

# Set environment variables for matplotlib
ENV MPLCONFIGDIR=/app/.config/matplotlib
ENV MATPLOTLIB_CACHE_DIR=/app/.cache
ENV HOME=/app

# HF Spaces expects port 7860
EXPOSE 7860

# Run with gunicorn
CMD ["gunicorn", "--bind", "0.0.0.0:7860", "--workers", "1", "--timeout", "120", "app:app"]