# Use an official Python runtime as a parent image
FROM python:3.10-slim

# Create a new user named "user" with user ID 1000
RUN useradd -m -u 1000 user

# Switch to the "user" user
USER user

# Set home to the user's home directory
ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH

# Set the working directory to the user's home directory
WORKDIR $HOME/app

# Copy the current directory contents into the container at $HOME/app
COPY --chown=user . $HOME/app

# Install dependencies
RUN pip install --no-cache-dir -r requirements.txt

# Expose the secret at buildtime
RUN --mount=type=secret,id=HF_TOKEN,mode=0444 \
    echo "Hugging Face token retrieved"

# Start the app
CMD ["python", "app.py"]