FROM python:3.11-slim-bookworm

# Install system dependencies (git + ffmpeg)
RUN apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y \
    && apt-get install -y --no-install-recommends git ffmpeg \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

WORKDIR /code

COPY ./requirements.txt /code/requirements.txt

# Install Python requirements
RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt

# # Clone transformers and install it
# RUN git clone https://github.com/huggingface/transformers \
#     && cd transformers && pip install . \
#     && pip install -r examples/pytorch/speech-recognition/requirements.txt

# Create non-root user
RUN useradd -m -u 1000 user

USER user

ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH

WORKDIR $HOME/app

RUN pip install --no-cache-dir --upgrade pip

COPY --chown=user . $HOME/app

USER root

# Configure Git safe directory
RUN git config --global --add safe.directory /home/user/app

# If you need secrets, handle them properly
RUN --mount=type=secret,id=GENAI_API_KEY,mode=0444,required=true

CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860", "--workers", "2"]