FROM python:3.11-slim

# Set a working directory
WORKDIR /app

# Prevent Python from writing .pyc files and enable unbuffered stdout/stderr
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    APP_PORT=8081 \
    GUNICORN_CMD_ARGS="--bind=0.0.0.0:${APP_PORT} --workers=4 --threads=2"

# Install system deps
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    gcc \
    libffi-dev \
    && rm -rf /var/lib/apt/lists/*

# Create a non-root user
RUN useradd --create-home --shell /bin/bash appuser

# Copy requirements and install
COPY requirements.txt /app/
RUN pip install --no-cache-dir -r requirements.txt

# Copy application
COPY . /app
RUN chown -R appuser:appuser /app

USER appuser

# expose the default APP_PORT (can be overridden at runtime)
EXPOSE 8081

# Default command: run the app with gunicorn
CMD ["gunicorn", "--chdir", "./", "app:app"]