# --- Base image ---
FROM python:3.12-slim

# --- Environment variables ---
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

# --- Set working directory ---
WORKDIR /cost-assistant

# --- Install system dependencies (minimal for OpenCV, Poppler, PDF/image handling) ---
RUN apt-get update && apt-get install -y --no-install-recommends \
    libgl1 \
    libglib2.0-0 \
    poppler-utils \
    && rm -rf /var/lib/apt/lists/*

# --- Copy requirements and install Python dependencies ---
COPY requirements.txt .
RUN python -m pip install --no-cache-dir -r requirements.txt

# --- Copy project files ---
COPY . .

# --- Create upload folder and set permissions ---
RUN mkdir -p data/uploads \
    && groupadd -r appuser && useradd -r -g appuser appuser \
    && chown -R appuser:appuser data/uploads

# --- Switch to non-root user for security ---
USER appuser

# --- Expose internal port (optional, handled via Docker Compose) ---
EXPOSE 8000

# --- Run Gunicorn with Uvicorn worker for production ---
CMD ["gunicorn", "main:app", "-k", "uvicorn.workers.UvicornWorker", "--bind", "0.0.0.0:8000", "--workers", "4", "--timeout", "120"]