ARG PYTHON_IMAGE=python:3.11-slim-bookworm
ARG UV_IMAGE=ghcr.io/astral-sh/uv:0.7.2
ARG GOLDEN_WEB_IMAGE=web-deps-base
ARG GOLDEN_CELERY_IMAGE=celery-deps-base

FROM ${UV_IMAGE} AS uv-bin

FROM ${PYTHON_IMAGE} AS base

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    UV_COMPILE_BYTECODE=1 \
    UV_LINK_MODE=copy \
    UV_PYTHON_DOWNLOADS=never \
    UV_PROJECT_ENVIRONMENT=/app/.venv

WORKDIR /app

RUN groupadd -r appgroup && useradd -r -g appgroup -m appuser

COPY --from=uv-bin /uv /uvx /usr/local/bin/


FROM base AS builder-base

# hadolint ignore=DL3008
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
    build-essential \
    gcc \
    libpq-dev \
    libffi-dev \
    libxml2-dev \
    libxslt1-dev \
    zlib1g-dev \
    pkg-config \
    && rm -rf /var/lib/apt/lists/*

COPY pyproject.toml uv.lock ./


FROM builder-base AS prod-deps-base

RUN uv sync --frozen --no-install-project


FROM builder-base AS ci-deps-build

RUN uv sync --frozen --no-install-project --dev


FROM base AS ci-deps-base

COPY --from=ci-deps-build /app/.venv /app/.venv
COPY pyproject.toml uv.lock ./

ENV PATH="/app/.venv/bin:${PATH}" \
    PYTHONPATH=/workspace/src \
    DJANGO_SETTINGS_MODULE=settings.test


FROM ci-deps-base AS web-deps-base

USER root

# hadolint ignore=DL3008
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
    curl \
    libpq5 \
    libffi8 \
    libxml2 \
    libxslt1.1 \
    zlib1g \
    && rm -rf /var/lib/apt/lists/*

RUN mkdir -p logs media staticfiles input/fns input/fns/processed input/fns/failed src/static \
    && chown -R appuser:appgroup logs media staticfiles input src/static

ENV PATH="/app/.venv/bin:${PATH}" \
    PYTHONPATH=/app/src \
    DJANGO_SETTINGS_MODULE=settings.dev \
    POSTGRES_HOST=db \
    POSTGRES_PORT=5432 \
    POSTGRES_DB=mostovik \
    POSTGRES_USER=postgres \
    POSTGRES_PASSWORD=postgres \
    POSTGRES_SSLMODE=disable \
    REDIS_HOST=redis \
    REDIS_CACHE_URL=redis://redis:6379/1 \
    CELERY_BROKER_URL=redis://redis:6379/0 \
    CELERY_RESULT_BACKEND=redis://redis:6379/0 \
    PORT=8000 \
    GUNICORN_WORKERS=4 \
    GUNICORN_TIMEOUT=300 \
    CELERY_LOG_LEVEL=INFO \
    CELERY_WORKER_CONCURRENCY=2 \
    CHECKO_API_KEY= \
    ZAKUPKI_TOKEN= \
    SUPERJOB_APP_ID= \
    COLLECTSTATIC_ON_MIGRATE=0 \
    BACKUP_ENCRYPTION_KEY= \
    BACKUP_KEY_ID=default \
    BACKUP_EXPORT_DIRECTORY=/app/media/backups \
    STATE_CORP_EXCHANGE_URL= \
    STATE_CORP_EXCHANGE_TOKEN= \
    STATE_CORP_EXCHANGE_KEY_ID=state-corp-shared-token \
    STATE_CORP_EXCHANGE_TIMEOUT_SECONDS=60

USER appuser


FROM ${GOLDEN_WEB_IMAGE} AS celery-deps-base

USER root

# Playwright/Chromium runtime dependencies.
# hadolint ignore=DL3008
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
    libnss3 \
    libnspr4 \
    libatk1.0-0 \
    libatk-bridge2.0-0 \
    libcups2 \
    libdrm2 \
    libdbus-1-3 \
    libxkbcommon0 \
    libxcomposite1 \
    libxdamage1 \
    libxfixes3 \
    libxrandr2 \
    libgbm1 \
    libasound2 \
    libpango-1.0-0 \
    libcairo2 \
    libatspi2.0-0 \
    && rm -rf /var/lib/apt/lists/*

ENV PLAYWRIGHT_BROWSERS_PATH=/app/.playwright
RUN python -m playwright install chromium \
    && chown -R appuser:appgroup /app/.playwright

USER appuser


FROM ${GOLDEN_WEB_IMAGE} AS runtime-web

WORKDIR /app
USER root
COPY src/ ./src/
COPY docker/scripts/ ./docker/scripts/
RUN mkdir -p logs media staticfiles input/fns input/fns/processed input/fns/failed src/static \
    && chmod +x /app/docker/scripts/*.sh \
    && chown -R appuser:appgroup logs media staticfiles input src/static docker/scripts

USER appuser

EXPOSE 8000
CMD ["/app/docker/scripts/start-web.sh"]


FROM ${GOLDEN_CELERY_IMAGE} AS runtime-celery

WORKDIR /app
USER root
COPY src/ ./src/
COPY docker/scripts/ ./docker/scripts/
RUN mkdir -p logs media staticfiles input/fns input/fns/processed input/fns/failed src/static \
    && chmod +x /app/docker/scripts/*.sh \
    && chown -R appuser:appgroup logs media staticfiles input src/static docker/scripts

USER appuser

CMD ["/app/docker/scripts/start-celery-worker.sh"]
