# syntax=docker/dockerfile:1.7
#
# Production Whisper wrapper — copies the existing services/whisper code
# but adds curl for healthchecks + a non-root user. The runtime is the
# same faster-whisper image you've been using in dev.
#
# Build context = repo root.
FROM python:3.11-slim-bookworm
RUN apt-get update && \
    apt-get install -y --no-install-recommends ffmpeg curl tini && \
    rm -rf /var/lib/apt/lists/* && \
    addgroup --gid 1001 sehat && adduser --uid 1001 --gid 1001 --disabled-password --gecos "" sehat
WORKDIR /app

# Pinned deps (mirror services/whisper/Dockerfile)
RUN pip install --no-cache-dir \
        "faster-whisper==1.0.3" \
        "ctranslate2==4.4.0" \
        "fastapi==0.115.0" \
        "uvicorn[standard]==0.30.6" \
        "python-multipart==0.0.9" \
        "requests==2.32.3"

COPY --chown=sehat:sehat services/whisper/app.py ./app.py

# Cache dir for the model weights (mount a named volume in prod compose)
RUN mkdir -p /home/sehat/.cache/huggingface && chown -R sehat:sehat /home/sehat
ENV HF_HOME=/home/sehat/.cache/huggingface \
    WHISPER_MODEL=small \
    WHISPER_DEVICE=cpu \
    WHISPER_COMPUTE_TYPE=int8

HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \
    CMD curl -fsS http://127.0.0.1:8001/health || exit 1

USER sehat
EXPOSE 8001
ENTRYPOINT ["/usr/bin/tini", "--"]
CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "8001"]