# Use Python 3.12 as the base image
FROM python:3.12

# Set up a new user named "user" with user ID 1000
RUN useradd -m -u 1000 user

# Switch to the "user" user
USER user

# Set home to the user's home directory
ENV HOME=/home/user \
	PATH=/home/user/.local/bin:$PATH

# Set the working directory to the user's home directory
WORKDIR $HOME/app

# Try and run pip command after setting the user with `USER user` to avoid permission issues with Python
RUN pip install --no-cache-dir --upgrade pip
# Copy the current directory contents into the container at $HOME/app setting the owner to the user
COPY --chown=user . $HOME/app

# Copy requirements and install dependencies
RUN pip install --no-cache-dir --upgrade -r requirements.txt \
    chown -R user:user $HOME

# Hugging Face Spaces does NOT support --mount=type=secret.
# Instead, access HF_TOKEN via environment variables at runtime.
CMD huggingface-cli login --token $HF_TOKEN --add-to-git-credential && \
    streamlit run app.py \
    --server.headless true \
    --server.enableCORS false \
    --server.enableXsrfProtection false \
    --server.fileWatcherType none