FROM continuumio/miniconda3:latest

# Install mamba for fast package management
RUN conda install -n base -c conda-forge mamba -y && \
    conda clean -afy

# Create non-root user
RUN groupadd -r mlrunner && useradd -r -g mlrunner mlrunner

# Set workspace
WORKDIR /workspace
RUN chown mlrunner:mlrunner /workspace

# Create ML environment with tools
RUN mamba create -n ml_env python=3.10 -y && \
    chown -R mlrunner:mlrunner /opt/conda/envs/ml_env

# Install ML Frameworks
RUN mamba install -n ml_env \
    pytorch>=1.9.0 \
    torchvision>=0.10.0 \
    numpy>=1.21.0 \
    pandas>=1.3.0 \
    scikit-learn>=1.0.0 \
    xgboost>=1.5.0 \
    matplotlib>=3.5.0 \
    seaborn>=0.11.0 \
    jupyter>=1.0.0 \
    notebook>=6.4.0 \
    ipykernel>=6.0.0 \
    -c pytorch -c conda-forge -y && \
    conda clean -afy

# Install ML Tools with pip (for tools not in conda)
RUN conda run -n ml_env pip install --no-cache-dir \
    tensorflow>=2.8.0 \
    statsmodels>=0.13.0 \
    plotly>=5.0.0 \
    dash>=2.0.0 \
    mlflow>=2.0.0 \
    wandb>=0.13.0 \
    streamlit>=1.20.0 \
    panel>=1.0.0 \
    bokeh>=3.0.0 \
    dvc>=3.0.0 \
    optuna>=3.0.0 \
    hyperopt>=0.2.0

# Copy security files
COPY secure_runner.py /usr/local/bin/secure_runner.py
COPY security_policy.json /etc/ml_runner/security_policy.json
COPY test_ml_tools.py /workspace/test_ml_tools.py

# Set permissions
RUN chmod +x /usr/local/bin/secure_runner.py && \
    chown mlrunner:mlrunner /usr/local/bin/secure_runner.py

# Switch to non-root user
USER mlrunner

# Set entrypoint
ENTRYPOINT ["conda", "run", "-n", "ml_env", "python", "/usr/local/bin/secure_runner.py"]

# Labels
LABEL package_manager="mamba" \
      speed="optimized" \
      ml_frameworks="pytorch,sklearn,xgboost" \
      ml_tools="mlflow,wandb,streamlit,dash,panel,bokeh" \
      security="enabled"