# === Stage 1: build dependencies ===
FROM python:3.13-slim AS builder

COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv

WORKDIR /app

# Copy only dependency files first (cache layer)
COPY pyproject.toml uv.lock ./

# Install dependencies into a self-contained venv
RUN uv sync --frozen --no-dev --no-install-project

# Copy application code
COPY . .

# Install the project itself
RUN uv sync --frozen --no-dev


# === Stage 2: runtime ===
FROM python:3.13-slim AS runtime

RUN groupadd --gid 1000 app && \
    useradd --uid 1000 --gid app --shell /bin/bash --create-home app

WORKDIR /app

# Copy the entire venv and application from builder
COPY --from=builder /app /app

# Remove files that must not be in the image
RUN rm -f .env .env.* && rm -rf __pycache__

ENV PATH="/app/.venv/bin:$PATH" \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1

USER app

EXPOSE 3001

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD ["python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:3001/health')"]

CMD ["uvicorn", "server:app", "--host", "0.0.0.0", "--port", "3001", \
     "--log-level", "warning", "--timeout-keep-alive", "75"]