FROM python:3.10-slim

ENV PYTHONUNBUFFERED=1
ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ffmpeg \
        libsm6 \
        libxext6 \
        fontconfig \
        imagemagick \
        ghostscript && \
    ( \
        POLICY_FILE=$(find /etc/ImageMagick* -name policy.xml -print -quit 2>/dev/null) && \
        if [ -n "$POLICY_FILE" ] && [ -f "$POLICY_FILE" ]; then \
            echo "INFO: Modifying ImageMagick policy file: $POLICY_FILE"; \
            sed -i 's/<policy domain="coder" rights="none" pattern="PS" \/>/<!-- & -->/' "$POLICY_FILE" && \
            sed -i 's/<policy domain="coder" rights="none" pattern="EPS" \/>/<!-- & -->/' "$POLICY_FILE" && \
            sed -i 's/<policy domain="coder" rights="none" pattern="PDF" \/>/<!-- & -->/' "$POLICY_FILE" && \
            sed -i 's/<policy domain="coder" rights="none" pattern="TEXT" \/>/<!-- & -->/' "$POLICY_FILE" && \
            sed -i 's/<policy domain="coder" rights="none" pattern="LABEL" \/>/<!-- & -->/' "$POLICY_FILE" && \
            sed -i 's/<policy domain="path" rights="none" pattern="@*" \/>/<!-- & -->/' "$POLICY_FILE" && \
            echo "INFO: ImageMagick policy potentially updated."; \
        else \
            echo "WARNING: ImageMagick policy.xml not found. TextClip might fail."; \
        fi \
    ) && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

RUN mkdir -p /usr/local/share/fonts/truetype/mycustomfonts
COPY assets/fonts/arial.ttf /usr/local/share/fonts/truetype/mycustomfonts/arial.ttf 
RUN fc-cache -f -s -v

ARG APP_USER_UID=1000
ARG APP_USER_GID=1000
RUN groupadd --gid $APP_USER_GID appgroup && \
    useradd --uid $APP_USER_UID --gid appgroup --shell /bin/bash --create-home appuser

WORKDIR /home/appuser/app # Set WORKDIR for appuser's home/app space

# Copy requirements first (as root or default builder user)
COPY requirements.txt ./
RUN python -m pip install --no-cache-dir --upgrade pip && \
    python -m pip install --no-cache-dir -r requirements.txt

# Copy all application code
COPY . .

# Ensure the output directory exists and is writable by appuser BEFORE switching user
# Create it as root, then chown specifically, then chown the whole app dir.
RUN mkdir -p /home/appuser/app/temp_cinegen_media && \
    chown -R appuser:appgroup /home/appuser/app/temp_cinegen_media && \
    chown -R appuser:appgroup /home/appuser/app 
    # chmod -R 775 /home/appuser/app/temp_cinegen_media # Optionally, more explicit permissions

# Switch to the non-root user
USER appuser
ENV PATH="/home/appuser/.local/bin:${PATH}" 

EXPOSE 8501
CMD ["streamlit", "run", "app.py", "--server.headless=true", "--server.port=8501", "--server.fileWatcherType=none"]