FROM python:3.12-slim

# Update system packages for security and install build dependencies
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
    gcc \
    g++ \
    && rm -rf /var/lib/apt/lists/*

# Install Python dependencies with specific versions for stability
# Install torch first from PyTorch index
RUN pip install --no-cache-dir torch==2.3.0 --index-url https://download.pytorch.org/whl/cpu

# Install other dependencies from default PyPI
RUN pip install --no-cache-dir \
    qdrant-client==1.15.0 \
    sentence-transformers==2.2.2 \
    numpy==1.24.3 \
    psutil==5.9.5

# Create non-root user
RUN useradd -m -u 1000 importer

# Set working directory
WORKDIR /app

# Switch to non-root user
USER importer

# Default command
CMD ["python", "/scripts/streaming-importer.py"]