# Use a specific Python version
FROM python:3.10

# Set the working directory in the container
WORKDIR /app

# Install required system packages (ffmpeg is needed by yt-dlp for merging/conversion)
RUN apt-get update && apt-get install -y --no-install-recommends ffmpeg && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

# Create a non-root user for security
# Using uid 1000 which is common
RUN useradd -m -u 1000 appuser

# Copy requirements first to leverage Docker cache
COPY requirements.txt .

# Install Python dependencies
# Ensure requirements.txt contains:
# fastapi[all]
# yt-dlp
# requests
RUN pip install --no-cache-dir --pre -r requirements.txt

# Copy the rest of the application files
# Make sure main.py and www.youtube.com_cookies.txt (if used) are in the build context
COPY . .

# Set permissions:
# - Directories: read/execute for all, write for owner (755)
# - Files: read for all, write for owner (644)
# - Change ownership to the non-root user
# Note: Explicit chmod for cookie file might be redundant if COPY respects source permissions, but doesn't hurt.
RUN find /app -type d -exec chmod 755 {} \; && \
    find /app -type f -exec chmod 644 {} \; && \
    chown -R appuser:appuser /app

# Switch to the non-root user
USER appuser

# Expose the port the app will run on (common for HF Spaces)
EXPOSE 7860

# Command to run the application using uvicorn
# - main:app -> finds the 'app' instance in the 'main.py' file
# - --host 0.0.0.0 -> makes the server accessible from outside the container
# - --port 7860 -> matches the EXPOSE directive
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"]