# Use a lightweight Python image
FROM python:3.11-slim

# Install system dependencies like ffmpeg and git as the root user
RUN apt-get update && apt-get install -y --no-install-recommends \
    ffmpeg \
    git \
    && rm -rf /var/lib/apt/lists/*

# Create a dedicated, non-root user for security.
# Hugging Face and other platforms run containers as a user like this.
RUN useradd -m -u 1000 user
ENV HOME=/home/user

# Set the working directory inside the new user's home directory
WORKDIR $HOME/app

# Copy the requirements file and set its ownership to the new user.
# This helps with Docker's layer caching.
COPY --chown=user:user requirements.txt .

# Switch from the root user to the non-root user
USER user

# Install Python dependencies into the user's home directory
# This avoids any permission issues with system-wide package installation.
RUN pip install --no-cache-dir --user -r requirements.txt

# Add the user's local bin directory to the system's PATH.
# This is crucial so that executables installed by pip (like gunicorn) can be found.
ENV PATH="$HOME/.local/bin:$PATH"

# Copy the rest of the project files, ensuring they are also owned by the user.
# This is what fixes the "Permission denied: 'cookies.txt'" error.
COPY --chown=user:user . .

# Expose the port the app will run on. Hugging Face Spaces typically use 7860.
EXPOSE 7860

# Start the Flask app using Gunicorn.
# Binding to 0.0.0.0 makes it accessible from outside the container.
CMD ["gunicorn", "--worker-class", "gevent", "--timeout", "3600", "--bind", "0.0.0.0:7860", "app:app"]