FROM python:3.12-slim-bookworm

WORKDIR /app

# Install system dependencies for Playwright/Chromium
RUN apt-get update && apt-get install -y --no-install-recommends \
    libnss3 libnspr4 libatk1.0-0 libatk-bridge2.0-0 libcups2 \
    libdrm2 libxkbcommon0 libxcomposite1 libxdamage1 libxfixes3 \
    libxrandr2 libgbm1 libpango-1.0-0 libcairo2 libasound2 \
    curl \
    # Browser-matrix stage 1: Firefox + WebKit deps + Xvfb (headed runs)
    xvfb \
    libdbus-glib-1-2 libxt6 \
    libwoff1 libvpx7 libevent-2.1-7 libopus0 libgstreamer-plugins-base1.0-0 \
    libgstreamer-gl1.0-0 libgstreamer1.0-0 libwebpdemux2 libharfbuzz-icu0 \
    libenchant-2-2 libsecret-1-0 libhyphen0 libmanette-0.2-0 libflite1 \
    libgles2 libx264-164 \
    && rm -rf /var/lib/apt/lists/*

# Create user BEFORE installing Playwright (so browsers are in user's cache)
RUN useradd --create-home appuser

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Install Playwright browsers AS appuser (so they land in /home/appuser/.cache/)
# Stage 1: chromium + firefox + webkit (Mobile-Safari = WebKit + devices preset)
USER appuser
RUN playwright install chromium firefox webkit
USER root

COPY . .
RUN chown -R appuser:appuser /app

USER appuser

EXPOSE 8094

# P83 — Build-SHA fuer check-rebuild-needed.sh
ARG BUILD_SHA="unknown"
ENV BUILD_SHA=${BUILD_SHA}

CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8094"]
