# Alpine-based Dockerfile for maximum security and minimal size
FROM python:3.12-alpine

# Set working directory
WORKDIR /app

# Install system dependencies (Alpine packages)
RUN apk update && apk upgrade && apk add --no-cache \
    gcc \
    g++ \
    musl-dev \
    libxml2-dev \
    libxslt-dev \
    libffi-dev \
    openssl-dev \
    mysql-dev \
    pkgconfig \
    curl \
    && rm -rf /var/cache/apk/*

# Copy requirements first for better Docker layer caching
COPY requirements.txt .

# Install Python dependencies
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir --root-user-action=ignore -r requirements.txt

# Copy application code
COPY ./api ./api
COPY config.yaml .

# Create non-root user for security
RUN adduser -D -u 1001 appuser && chown -R appuser:appuser /app
USER appuser

# Set environment variables for Hugging Face Spaces
ENV PYTHONUNBUFFERED=1
ENV HOST=0.0.0.0
ENV PORT=7860

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:7860/ || exit 1

# Expose the standard Hugging Face Spaces port
EXPOSE 7860

# Run the application
CMD ["uvicorn", "api.index:app", "--host", "0.0.0.0", "--port", "7860", "--workers", "1", "--log-level", "info"]