#
# SPDX-FileCopyrightText: Hadad <hadad@linuxmail.org>
# SPDX-License-Identifier: Apache-2.0
#

# Use the latest version of Ubuntu image from the specified
# Docker Hub repository, as the base image for this container.
FROM hadadrjt/ubuntu:latest

# Set the working directory inside the container to /usr/src/app.
# All subsequent instructions will operate from this path.
WORKDIR /usr/src/app

# Copy all files and directories from the build context on the
# host machine into the working directory in the container.
COPY . .

# Install all Python dependencies listed in requirements.txt.
# The --no-cache-dir flag ensures that pip does not store the
# downloaded packages, reducing image size.
RUN pip install --no-cache-dir -r requirements.txt

# Create a new user named 'app' for running the
# application in production.
# Change ownership and permissions of the application directory.
# Lock the root account and restrict shell access.
RUN useradd -m app \
    && chown -R app:app /usr/src/app \
    && chmod -R u+rwX /usr/src/app \
    && passwd -l root \
    && usermod -s /usr/sbin/nologin root

# Expose port to allow external access to the Gradio application.
EXPOSE 7860

# Set an environment variable so Gradio listens on all network
# interfaces, enabling external connections.
ENV GRADIO_SERVER_NAME="0.0.0.0"

# Switch to the 'app' user for all subsequent instructions to
# enhance security and prevent running as root.
USER app

# Remove any default entrypoint to ensure only the CMD instruction is
# executed when the container starts.
ENTRYPOINT []

# Define the default command to start the application.
CMD ["python", "app.py"]