FROM python:3.13.5-slim

# Create non-root user
RUN useradd -m -u 1000 user

ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH
RUN mkdir -p /home/user/app && chown -R user:user /home/user/app
WORKDIR $HOME/app

# Switch to root
USER root

# Install dependencies
RUN apt-get update && apt-get install -y \
    build-essential \
    curl \
    software-properties-common \
    git \
    nginx \
    && rm -rf /var/lib/apt/lists/*

# Fix nginx permissions
RUN mkdir -p /var/cache/nginx /var/log/nginx /var/lib/nginx && \
    touch /var/run/nginx.pid && \
    chown -R user:user /var/cache/nginx /var/log/nginx /var/lib/nginx /var/run/nginx.pid

# Switch to user
USER user

# Install Python dependencies
COPY --chown=user requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt

# Copy code and config
COPY --chown=user nginx.conf /etc/nginx/sites-available/default
COPY --chown=user .streamlit /home/user/app/.streamlit
COPY --chown=user run.sh /home/user/app/run.sh
COPY --chown=user src /home/user/app/src
COPY --chown=user results /home/user/app/results

EXPOSE 8501
CMD ["bash", "run.sh"]