# Hugging Face Spaces (Docker)
FROM python:3.10-slim

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1 \
    HF_HOME=/cache/hf \
    TORCH_HOME=/cache/torch \
    PORT=7860 \
    RUNNING_GUNICORN=1 \
    ALLOW_PROXY_FALLBACK=0

# System deps for soundfile & Kokoro
RUN apt-get update && apt-get install -y --no-install-recommends \
    espeak-ng ffmpeg libsndfile1 git build-essential \
    && rm -rf /var/lib/apt/lists/*

# Create unprivileged user and caches
RUN useradd -m -u 1000 appuser && \
    mkdir -p /app /cache/hf /cache/torch && \
    chown -R appuser:appuser /app /cache

WORKDIR /app

# Install Python deps first (layer cache)
COPY --chown=appuser:appuser requirements.txt .
RUN pip install --upgrade pip && pip install -r requirements.txt

# Install spaCy English model now (prevents runtime download)
RUN python -m spacy download en_core_web_sm

# Copy the app code
COPY --chown=appuser:appuser . .

# Pre-create static folders with correct ownership/permissions
RUN mkdir -p /app/static/audio /app/static/summaries && \
    chmod -R 775 /app/static

USER appuser

EXPOSE 7860
CMD ["python", "app.py"]