# Use an official Python runtime as a parent image
FROM python:3.10-slim

# Set environment variables
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1
# Set the DuckDB path inside the container
ENV DUCKDB_PATH /app/data/mydatabase.db

# Create a non-root user and group
RUN adduser --disabled-password --gecos "" appuser

# Set the working directory in the container
WORKDIR /app

# Copy the requirements file into the container at /app
COPY requirements.txt /app/

# Install any needed packages specified in requirements.txt
# Use --no-cache-dir to reduce image size
RUN pip install --no-cache-dir -r requirements.txt

# Copy the current directory contents into the container at /app
COPY . /app/

# Create the data directory and set permissions
# Run these steps as root before switching user
RUN mkdir -p /app/data && chown -R appuser:appuser /app

# Switch to the non-root user
USER appuser

# Make port 7860 available to the world outside this container (Hugging Face default)
EXPOSE 7860

# Run main.py when the container launches using Uvicorn
# Use 0.0.0.0 to make it accessible externally
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"]