FROM python:3.9-slim

WORKDIR /app

# Install system dependencies
RUN apt-get update && apt-get install -y \
    libgl1-mesa-glx \
    libglib2.0-0 \
    && rm -rf /var/lib/apt/lists/*

# Copy the requirements file and install Python packages
COPY requirements.txt ./
RUN pip3 install --no-cache-dir -r requirements.txt

# Copy ALL your application files from the root into the container's /app directory
COPY . .

# --- User and Permission Setup ---
# Create a group and user
RUN groupadd --system appuser && useradd --system --gid appuser appuser

# Change ownership of the entire app directory to the user
RUN chown -R appuser:appuser /app

# Set the HOME environment variable for the user
ENV HOME=/app

# Tell Ultralytics to use the /tmp directory for its config
ENV YOLO_CONFIG_DIR=/tmp

# Switch to the non-root user
USER appuser
# --- End of User Setup ---

EXPOSE 8501

HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health || exit 1

# --- FINAL UPDATED ENTRYPOINT ---
# Added `--server.headless=true` to make Streamlit compatible with the Hugging Face proxy.
# This fixes the 403 Forbidden error on file uploads.
ENTRYPOINT ["streamlit", "run", "streamlit_app.py", "--server.port=8501", "--server.address=0.0.0.0", "--browser.gatherUsageStats=false", "--server.headless=true"]