# Base image: Debian-slim build of CPython 3.11.
# NOTE(review): the tag is mutable, so a rebuild can silently pick up a different
# image. Pinning by digest (python:3.11-slim@sha256:<digest>) makes builds
# reproducible and auditable.
FROM python:3.11-slim

# Runtime environment, persisted into the running container.
# Skip writing .pyc files at import time.
ENV PYTHONDONTWRITEBYTECODE=1
# Unbuffered stdout/stderr, so log lines are emitted as they are written.
ENV PYTHONUNBUFFERED=1
# Advertised port. The CMD at the end of this file hardcodes 8080 and does not
# read this variable.
ENV PORT=8080

# Absolute working directory; relative paths below resolve against /app.
WORKDIR /app

# Install the system CA bundle. Index refresh, install and list cleanup share
# one layer so no stale index is cached and the apt lists never reach the image.
RUN apt-get update && \
    apt-get install --yes --no-install-recommends ca-certificates && \
    rm -rf /var/lib/apt/lists/*

# The dependency manifest is copied on its own, so the pip layer is rebuilt only
# when requirements.txt changes.
# NOTE(review): requirements.txt is not visible here. Exact version pins (ideally
# with pip's --require-hashes) would make this layer reproducible and resistant
# to a swapped package - confirm.
COPY requirements.txt ./
RUN pip install --no-cache-dir --requirement requirements.txt

# Application code and the static landing page.
COPY main.py wsgi.py landing.html /app/

# NOTE(review): this bakes CREDENTIALS.txt into an image layer. Anyone who can
# pull or export the image can read it, and it stays in the layer history even if
# a later instruction deletes it. The file's contents are not visible from this
# Dockerfile - confirm. If it holds real secrets, supply them at runtime instead
# (a mounted secret or orchestrator-injected environment) and add the file to
# .dockerignore.
COPY CREDENTIALS.txt /app/

# Drop root for runtime: system account with fixed UID 10001 and primary group
# root (GID 0).
# NOTE(review): the recursive chown gives the runtime user write access to the
# application code and to CREDENTIALS.txt. If the process only needs to write
# state, ownership could be limited to that one directory - confirm what main.py
# writes under /app before narrowing it.
RUN useradd --system --uid 10001 --gid root appuser \
    && chown -R appuser:root /app
USER appuser

# Documents the listening port; actually publishing it is left to the runtime.
EXPOSE 8080

# Production server: gunicorn serving wsgi:application.
# --workers 1 (a single worker) is the simplest safe default.
#   * Cloudant state: workers can be increased, or multiple pods run, safely.
#     Each instance_id is independent and Cloudant is the shared source of truth.
#   * File-based state (MODEL_BACKEND=local): stay at one worker on a single
#     node; multiple nodes would require a shared volume.
# Raise --threads for higher concurrency within a single process.
# Access and error logs both go to "-" (stdout / stderr), so the container
# runtime collects them and no log files are written inside the image.
# NOTE: exec-form CMD performs no variable expansion, so port 8080 is hardcoded
# in --bind. If you change it, also update DEFAULT_SERVER_PORT in main.py and
# ENV PORT above.
CMD ["gunicorn", "--workers", "1", "--threads", "4", "--timeout", "120", \
     "--access-logfile", "-", "--error-logfile", "-", \
     "--bind", "0.0.0.0:8080", "wsgi:application"]
