# TODO: Pin to sha256 digest after verifying with: docker pull python:3.11-slim && docker inspect python:3.11-slim --format='{{index .RepoDigests 0}}'
FROM python:3.11-slim

# Install system dependencies and TA-Lib from prebuilt .deb
RUN apt-get update && apt-get install -y \
    wget \
    curl \
    libpq-dev \
    && rm -rf /var/lib/apt/lists/*

RUN wget https://github.com/ta-lib/ta-lib/releases/download/v0.6.4/ta-lib_0.6.4_amd64.deb \
    && dpkg -i ta-lib_0.6.4_amd64.deb \
    && rm ta-lib_0.6.4_amd64.deb

# Set working directory
WORKDIR /app

# Copy dependency files
COPY pyproject.toml ./

# Install Python dependencies
RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir .

# Copy application code
COPY . .

# Expose port for FastAPI
EXPOSE 8001

# Create non-root user and set ownership
RUN useradd -r -s /bin/false appuser
RUN chown -R appuser:appuser /app

# Switch to non-root user
USER appuser

# Run the inference server by default
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8001"]
