# FlowerCore speech-align — wraps SYSTRAN/faster-whisper with /align +
# /transcribe endpoints used by FlowerCore.TtsReader. CPU-only image; the
# default int8 compute type runs base.en at ~real-time on a single core.
#
# Build: podman build -t localhost/fc-speech-align:<ver> .
# Run:   podman run --rm -p 9200:9200 -v fc-speech-align-models:/models localhost/fc-speech-align:<ver>

FROM python:3.12-slim AS base

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1 \
    PIP_NO_CACHE_DIR=1 \
    WHISPER_MODEL=Systran/faster-whisper-base.en \
    WHISPER_CACHE_DIR=/models \
    WHISPER_DEVICE=cpu \
    WHISPER_COMPUTE_TYPE=int8 \
    DEFAULT_LANGUAGE=en \
    MAX_AUDIO_BYTES=52428800

# faster-whisper depends on libsndfile1 + libgomp1 (OpenMP runtime). ffmpeg is
# pulled in for non-WAV inputs (transcribe accepts any container).
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        libsndfile1 \
        libgomp1 \
        ffmpeg \
        ca-certificates \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app
COPY requirements.txt /app/
RUN pip install --no-cache-dir -r requirements.txt

COPY app.py /app/

# Run as a non-root user to satisfy K8s securityContext.runAsNonRoot.
RUN useradd --create-home --shell /usr/sbin/nologin --uid 1654 align \
    && mkdir -p /models \
    && chown -R 1654:1654 /models
USER 1654

EXPOSE 9200
HEALTHCHECK --interval=30s --timeout=5s --start-period=120s --retries=3 \
    CMD python -c "import urllib.request,sys; urllib.request.urlopen('http://127.0.0.1:9200/health',timeout=3); sys.exit(0)" || exit 1

CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "9200", "--workers", "1"]
