# ── Base image ────────────────────────────────────────────────────────────────
FROM python:3.11-slim

# ── Environment ───────────────────────────────────────────────────────────────
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    DEBIAN_FRONTEND=noninteractive \
    HF_HOME=/app/.cache/huggingface \
    PIP_NO_CACHE_DIR=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1

# ── System deps ───────────────────────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
        gcc g++ git wget curl \
        espeak-ng espeak-ng-data \
        libsndfile1 libgomp1 \
    && rm -rf /var/lib/apt/lists/*

# ── App directory + non-root user (HF Spaces requirement) ────────────────────
WORKDIR /app
RUN useradd -m -u 1000 appuser

# ── Python dependencies ───────────────────────────────────────────────────────
COPY requirements.txt .
RUN pip install torch==2.5.1 --index-url https://download.pytorch.org/whl/cpu \
    && pip install -r requirements.txt

# ── Fix optimum-quanto C++ extension permissions ──────────────────────────────
# quanto JIT-compiles a C++ kernel on first use and writes to a `build/`
# directory inside the package. Since the container runs as non-root appuser,
# we pre-create that directory as root and make it world-writable so the
# runtime compilation succeeds without a PermissionError.
RUN mkdir -p /usr/local/lib/python3.11/site-packages/optimum/quanto/library/extensions/cpp/build \
    && chmod 777 /usr/local/lib/python3.11/site-packages/optimum/quanto/library/extensions/cpp/build

# ── Piper TTS voice model ─────────────────────────────────────────────────────
RUN mkdir -p /app/models \
    && wget -q -O /app/models/en_US-lessac-medium.onnx \
       "https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/lessac/medium/en_US-lessac-medium.onnx" \
    && wget -q -O /app/models/en_US-lessac-medium.onnx.json \
       "https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/lessac/medium/en_US-lessac-medium.onnx.json"

# ── Copy source ───────────────────────────────────────────────────────────────
COPY app.py .

# ── Permissions ───────────────────────────────────────────────────────────────
RUN chown -R appuser:appuser /app
USER appuser

# ── Expose & run ──────────────────────────────────────────────────────────────
EXPOSE 7860
CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860", "--workers", "1"]