FROM python:3.9-slim

WORKDIR /app

# 1. Set cache directories with proper permissions
ENV TRANSFORMERS_CACHE=/tmp/model_cache \
    HF_HOME=/tmp/huggingface \
    XDG_CACHE_HOME=/tmp/xdg_cache

# 2. Create cache directories with world write permissions
RUN mkdir -p ${TRANSFORMERS_CACHE} ${HF_HOME} ${XDG_CACHE_HOME} && \
    chmod -R 777 /tmp

# 3. Install requirements
COPY requirements.txt .
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir -r requirements.txt

# 4. Copy application
COPY . .

# 5. Run as non-root user
USER 1000

# 6. Health check
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:7860/health || exit 1

CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860", "--workers", "1"]