# Fast Secure ML Runner
# Optimized for data scientists with maximum speed

FROM continuumio/miniconda3:latest

# Install mamba for lightning-fast package resolution
RUN conda install -n base -c conda-forge mamba -y && \
    conda clean -afy

# Security: Create non-root user
RUN groupadd -r mlrunner && useradd -r -g mlrunner mlrunner

# Create secure workspace
WORKDIR /workspace
RUN chown mlrunner:mlrunner /workspace

# Create conda environment with mamba (much faster than pip)
RUN mamba create -n ml_env python=3.10 -y && \
    chown -R mlrunner:mlrunner /opt/conda/envs/ml_env

# Pre-install ML packages with mamba (super fast!)
RUN mamba install -n ml_env \
    pytorch>=1.9.0 \
    torchvision>=0.10.0 \
    numpy>=1.21.0 \
    pandas>=1.3.0 \
    scikit-learn>=1.0.0 \
    xgboost>=1.5.0 \
    matplotlib>=3.5.0 \
    seaborn>=0.11.0 \
    jupyter>=1.0.0 \
    -c pytorch -c conda-forge -y && \
    conda clean -afy

# Poetry (for pyproject.toml + poetry.lock projects)
RUN mamba install -n ml_env poetry -c conda-forge -y && \
    conda clean -afy

# Copy security wrapper
COPY secure_runner.py /usr/local/bin/secure_runner.py
COPY security_policy.json /etc/ml_runner/security_policy.json

# Set permissions
RUN chmod +x /usr/local/bin/secure_runner.py && \
    chown mlrunner:mlrunner /usr/local/bin/secure_runner.py

# Switch to non-root user
USER mlrunner

# Set conda environment
SHELL ["/bin/bash", "-c"]
ENTRYPOINT ["conda", "run", "-n", "ml_env", "python", "/usr/local/bin/secure_runner.py"]

# Labels
LABEL package_manager="mamba" \
      speed="optimized" \
      ml_frameworks="pytorch,sklearn,xgboost" \
      security="enabled"