# Use lightweight Python base
FROM python:3.10-slim

# Prevent Python from writing .pyc files and buffering stdout/stderr
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1

# Create app directory
WORKDIR /app

# System deps for pandas/openpyxl and builds
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    gcc \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Copy requirements first to leverage Docker cache
COPY requirements.txt ./

# Create non-root user (uid 1000) and switch to it before installing deps and copying code
RUN useradd -m -u 1000 user
USER user
ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH
WORKDIR $HOME/app

# Upgrade pip and install requirements in user site-packages
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir -r /app/requirements.txt || pip install --no-cache-dir -r requirements.txt

# Copy the rest of the source code
# Copy source code as user to ensure proper ownership
COPY --chown=user . $HOME/app

# Note: /data directory is created at runtime by Hugging Face Spaces if persistent storage is enabled

# Expose the port the Space will provide via $PORT
ENV PORT=5000

# Use gunicorn to serve Flask app
# Hugging Face Spaces expects the container to listen on 0.0.0.0:$PORT
CMD exec gunicorn --bind 0.0.0.0:$PORT --workers 2 --timeout 180 app:app