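# ── Base Image ────────────────────────────────────────────────────────────────
# Python 3.11-slim — tested stable with torch, transformers, GLiNER on HF Spaces
# NOTE(review): the tag is mutable; pin it by digest for reproducible builds,
# e.g. python:3.11-slim@sha256:<digest-of-the-image-you-tested>.
FROM python:3.11-slim

# ── Working Directory ─────────────────────────────────────────────────────────
WORKDIR /app

# ── 1. System Dependencies ───────────────────────────────────────────────────
# build-essential  → C extension compilation (tokenizers, psycopg2 fallback)
# curl             → used by the HEALTHCHECK in section 7
# ffmpeg           → NOTE(review): purpose not documented; confirm it is needed
# git              → some pip installs pull from git at build time
# libgl1           → OpenCV / PyMuPDF dependency
# libglib2.0-0     → required by some Pillow backends
# libtesseract-dev → pytesseract dev headers
# tesseract-ocr    → OCR engine (pytesseract)
# NOTE(review): per the notes above, build-essential and git are only needed at
# build time, yet they ship in the runtime image; a multi-stage build would keep
# the compiler toolchain out of the deployed container.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        curl \
        ffmpeg \
        git \
        libgl1 \
        libglib2.0-0 \
        libtesseract-dev \
        tesseract-ocr \
    && rm -rf /var/lib/apt/lists/*

# ── 2. Upgrade pip + toolchain ────────────────────────────────────────────────
# --no-cache-dir keeps pip's download cache out of the image layer.
RUN pip install --no-cache-dir --upgrade pip setuptools wheel

# ── 3. Copy requirements and install Python dependencies ──────────────────────
# Done BEFORE copying app code so Docker layer cache is reused on code-only changes
# NOTE(review): requirements.txt is not visible here; pin exact versions there
# (and consider pip's --require-hashes) so a rebuild cannot silently pull
# different package contents.
COPY requirements.txt .
RUN pip install --no-cache-dir --prefer-binary -r requirements.txt

# ── 4. Bake always-on model assets into the image ────────────────────────────
# SpaCy large NER model (used by PiiSpacyAnalyzer — always loaded on startup)
RUN python -m spacy download en_core_web_lg

# NLTK corpora (used by backend.py NE chunker)
# Downloaded to a system-wide directory on NLTK's default search path so the
# unprivileged runtime user can read them (root's home directory is not
# readable by other users).
RUN python -m nltk.downloader -d /usr/local/share/nltk_data \
        punkt \
        punkt_tab \
        averaged_perceptron_tagger \
        averaged_perceptron_tagger_eng \
        maxent_ne_chunker \
        maxent_ne_chunker_tab \
        words

# ── 5. Hugging Face Cache & Permissions ──────────────────────────────────────
# Lazy-loaded models (Pasteproof, Piiranha, NVIDIA GLiNER, mmbert32k,
# NerGuard-0.3B, GLiNER PII Large) will download into this directory on
# first request — kept persistent via HF Spaces persistent storage.
# NOTE(review): HF Spaces persistent storage is normally mounted at /data;
# confirm /app/cache is really backed by it.
# NOTE(review): these models are fetched at runtime, not at build time; pin the
# model revisions in the loading code so the served weights cannot change
# underneath the image.
# TRANSFORMERS_CACHE is deprecated in newer transformers releases in favour of
# HF_HOME; it is kept for older versions that requirements.txt may select.
ENV TRANSFORMERS_CACHE=/app/cache \
    HF_HOME=/app/cache \
    HF_HUB_CACHE=/app/cache

# Disable tokenizer parallelism warnings in single-threaded server context
ENV TOKENIZERS_PARALLELISM=false

# Silence noisy HF progress bars in container logs
ENV HF_HUB_DISABLE_PROGRESS_BARS=1

# Dedicated unprivileged account (UID 1000, the UID HF Spaces runs Docker
# containers as). The cache is owned by that account and closed to everyone
# else: a world-writable (777) model cache lets any process in the container
# replace model files that the server later loads.
RUN useradd --create-home --uid 1000 --user-group app \
    && mkdir -p /app/cache \
    && chown app:app /app /app/cache \
    && chmod 700 /app/cache
ENV HOME=/home/app

# ── 6. Copy application code ──────────────────────────────────────────────────
# .dockerignore excludes __pycache__, .venv, *.pyc, .git, node_modules etc.
# NOTE(review): confirm it also excludes .env files, keys and other credentials;
# everything not ignored is baked into an image layer.
# --chown keeps the tree writable by the runtime user; drop it to make the code
# read-only if the app never writes below /app outside the cache.
COPY --chown=app:app . .

# Everything from here on (health check and server) runs without root privileges.
USER app

# ── 7. Health check ───────────────────────────────────────────────────────────
# Docker / HF Spaces will mark the container unhealthy if the root endpoint
# doesn't respond within 30 s. Retries every 30 s, 3 retries before UNHEALTHY.
HEALTHCHECK --interval=30s --timeout=30s --start-period=90s --retries=3 \
    CMD curl -f http://localhost:7860/ || exit 1

# ── 8. Expose port ────────────────────────────────────────────────────────────
# Hugging Face Spaces standard port
EXPOSE 7860

# ── 9. Start FastAPI via Uvicorn ──────────────────────────────────────────────
# --workers 1          → HF Spaces free tier is single-CPU; >1 workers wastes RAM
# --timeout-keep-alive → prevents idle connections from blocking lazy model loads
# --log-level info     → structured logs visible in HF Spaces logs panel
CMD ["uvicorn", "api:app", \
     "--host", "0.0.0.0", \
     "--port", "7860", \
     "--workers", "1", \
     "--timeout-keep-alive", "75", \
     "--log-level", "info"]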