FROM python:3.9-slim

WORKDIR /app

# Install system dependencies
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    build-essential \
    && rm -rf /var/lib/apt/lists/*

# Create a non-root user to run the application
RUN useradd -m appuser && \
    mkdir -p /home/appuser/app /home/appuser/.cache /home/appuser/.image_uploader && \
    chown -R appuser:appuser /home/appuser

# Copy requirements first to leverage Docker cache
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy application code
COPY . .

# Create upload directory with proper permissions
RUN mkdir -p static/uploads static/metadata && \
    chmod -R 777 static && \
    mkdir -p /tmp/.image_uploader && \
    chmod -R 777 /tmp/.image_uploader

# Set environment variables for Hugging Face
ENV PYTHONUNBUFFERED=1
ENV HOST=0.0.0.0
ENV PORT=7860
# Set environment variable for production
ENV ENV=production
# These should be set in Hugging Face Space settings
ENV HF_USERNAME=Detomo
# ENV HF_TOKEN=your-token  
ENV HF_DATASET_REPO=image-uploader-data

# Add script to download images from Hugging Face during build
COPY download_images.py .
# Use build secrets to access HF_TOKEN during build time
RUN --mount=type=secret,id=HF_TOKEN,mode=0444,required=true \
    if [ -n "$HF_USERNAME" ] && [ -f /run/secrets/HF_TOKEN ] && [ -n "$HF_DATASET_REPO" ]; then \
    export HF_TOKEN=$(cat /run/secrets/HF_TOKEN) && \
    echo "Downloading images from Hugging Face dataset for $HF_USERNAME/$HF_DATASET_REPO..." && \
    python download_images.py; \
    else \
    echo "Hugging Face credentials not set, skipping image download."; \
    fi

# Set proper ownership for all files
RUN chown -R appuser:appuser /app

# Switch to non-root user
USER appuser

# Expose port for Hugging Face Spaces (uses port 7860)
EXPOSE 7860

# Run the application
CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]