FROM python:3.10-slim

# Install required system packages
RUN apt-get update && apt-get install -y --no-install-recommends \
    git \
    ffmpeg \
    tesseract-ocr \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user
RUN useradd -m -u 1000 user
ENV HOME=/home/user
USER user
WORKDIR /app

# Receive Git URL from build argument
RUN --mount=type=secret,id=URL,mode=0444,required=true \
    git clone https://$(cat /run/secrets/URL) .

# Set up virtual environment and dependencies
RUN python -m venv shared_venv && \
    shared_venv/bin/pip install --upgrade pip && \
    shared_venv/bin/pip install --no-cache-dir -r requirements.txt && \
    shared_venv/bin/pip install --no-cache-dir numpy && \
    shared_venv/bin/python -m pip list > /app/pip_list.txt

EXPOSE 7860

CMD ["shared_venv/bin/python", "-m", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"]