# Stage 1: Build stage (if needed for compiling specific dependencies)
FROM python:3.9-slim as build-stage

# Install system dependencies required for Python packages
RUN apt-get update && apt-get install -y build-essential

# Set the working directory
WORKDIR /app

# Copy requirements file
COPY requirements.txt .

# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt


# Stage 2: Final stage
FROM python:3.9-slim

# Install system dependencies required at runtime
RUN apt-get update && apt-get install -y libmagic1 file && apt-get clean

# Set the working directory in the container
WORKDIR /app

# Copy Python dependencies from the build stage
COPY --from=build-stage /usr/local/lib/python3.9/site-packages /usr/local/lib/python3.9/site-packages
COPY --from=build-stage /usr/local/bin /usr/local/bin

# Add non-root user and switch to it for better security
RUN useradd -m flaskuser

# Copy application code
COPY . /app

# Create 'letterhead' directory and set write permissions for flaskuser
RUN mkdir /app/letterhead && chown flaskuser:flaskuser /app/letterhead && chmod 755 /app/letterhead

# Change ownership of /app to flaskuser
RUN chown -R flaskuser:flaskuser /app

# Switch to the non-root user
USER flaskuser

# Expose the port your Flask app will run on
EXPOSE 7860

# Run the Flask app using gunicorn with an infinite request timeout
CMD ["gunicorn", "--bind", "0.0.0.0:7860", "--timeout", "0", "--access-logfile", "-", "--error-logfile", "-", "app:app"]