FROM python:3.10-slim

WORKDIR /app

# Install system dependencies
RUN apt-get update && apt-get install -y \
    build-essential \
    curl \
    git \
    libfaiss-dev \
    && rm -rf /var/lib/apt/lists/*

# Create a non-root user early
RUN useradd --create-home --shell /bin/bash --uid 1000 appuser

# Copy and install Python requirements as root first
COPY requirements.txt .
RUN pip install --no-cache-dir --upgrade pip
RUN pip install --no-cache-dir -r requirements.txt

# Set environment variables for HuggingFace models and cache
ENV HF_HOME=/home/appuser/.cache/huggingface
ENV HF_HUB_CACHE=/home/appuser/.cache/huggingface/hub
ENV TRANSFORMERS_CACHE=/home/appuser/.cache/transformers
ENV SENTENCE_TRANSFORMERS_HOME=/home/appuser/.cache/sentence_transformers

# Create cache directories in the user's home directory
RUN mkdir -p /home/appuser/.cache/huggingface/hub \
    /home/appuser/.cache/transformers \
    /home/appuser/.cache/sentence_transformers \
    /app/uploads && \
    chown -R appuser:appuser /home/appuser/.cache /app && \
    chmod -R 755 /home/appuser/.cache /app

# Copy application code and set ownership
COPY --chown=appuser:appuser . .

# Switch to non-root user
USER appuser

# Expose port 7860
EXPOSE 7860

# Run the application
CMD ["python", "app.py"]