FROM python:3.11-slim-bookworm AS base

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    UV_COMPILE_BYTECODE=1 \
    UV_LINK_MODE=copy \
    UV_PYTHON_DOWNLOADS=never \
    UV_PROJECT_ENVIRONMENT=/app/.venv

WORKDIR /app

RUN groupadd -r appgroup && useradd -r -g appgroup -m appuser

# Install uv binary.
COPY --from=ghcr.io/astral-sh/uv:0.7.2 /uv /uvx /usr/local/bin/


FROM base AS builder

ARG INSTALL_DEV=false

# hadolint ignore=DL3008
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
    build-essential \
    gcc \
    libpq-dev \
    libffi-dev \
    libxml2-dev \
    libxslt1-dev \
    zlib1g-dev \
    pkg-config \
    && rm -rf /var/lib/apt/lists/*

COPY pyproject.toml uv.lock ./

RUN if [ "${INSTALL_DEV}" = "true" ]; then \
        uv sync --frozen --no-install-project --dev; \
    else \
        uv sync --frozen --no-install-project; \
    fi


FROM base AS runtime-base

# hadolint ignore=DL3008
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
    curl \
    libpq5 \
    libffi8 \
    libxml2 \
    libxslt1.1 \
    zlib1g \
    && rm -rf /var/lib/apt/lists/*

COPY --from=builder /app/.venv /app/.venv
COPY src/ ./src/
COPY docker/scripts/ ./docker/scripts/

RUN mkdir -p logs media staticfiles input/fns input/fns/processed input/fns/failed src/static \
    && chmod +x /app/docker/scripts/*.sh \
    && chown -R appuser:appgroup /app

ENV PATH="/app/.venv/bin:${PATH}" \
    PYTHONPATH=/app/src \
    DJANGO_SETTINGS_MODULE=settings.dev \
    POSTGRES_HOST=10.10.0.114 \
    POSTGRES_PORT=5432 \
    POSTGRES_DB=mostovik \
    POSTGRES_USER=postgres \
    POSTGRES_PASSWORD=postgres \
    POSTGRES_SSLMODE=disable \
    REDIS_HOST=10.10.0.110 \
    REDIS_CACHE_URL=redis://10.10.0.110:6379/1 \
    CELERY_BROKER_URL=redis://10.10.0.110:6379/0 \
    CELERY_RESULT_BACKEND=redis://10.10.0.110:6379/0 \
    PORT=8000 \
    GUNICORN_WORKERS=4 \
    GUNICORN_TIMEOUT=60 \
    CELERY_LOG_LEVEL=INFO \
    CELERY_WORKER_CONCURRENCY=2 \
    CHECKO_API_KEY=pRiEnJuD1tclsLCb \
    ZAKUPKI_TOKEN=019c03d7-e1f6-7091-b296-8c88b4c585dd \
    COLLECTSTATIC_ON_MIGRATE=0 \
    BACKUP_ENCRYPTION_KEY=a2tra2tra2tra2tra2tra2tra2tra2tra2tra2s \
    BACKUP_KEY_ID=default \
    BACKUP_EXPORT_DIRECTORY=/app/media/backups \
    STATE_CORP_EXCHANGE_URL= \
    STATE_CORP_EXCHANGE_TOKEN= \
    STATE_CORP_EXCHANGE_KEY_ID=state-corp-shared-token \
    STATE_CORP_EXCHANGE_TIMEOUT_SECONDS=60

USER appuser


FROM runtime-base AS runtime-web

EXPOSE 8000
CMD ["/app/docker/scripts/start-web.sh"]


FROM runtime-base AS runtime-celery

USER root

# Playwright/Chromium runtime dependencies.
# hadolint ignore=DL3008
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
    libnss3 \
    libnspr4 \
    libatk1.0-0 \
    libatk-bridge2.0-0 \
    libcups2 \
    libdrm2 \
    libdbus-1-3 \
    libxkbcommon0 \
    libxcomposite1 \
    libxdamage1 \
    libxfixes3 \
    libxrandr2 \
    libgbm1 \
    libasound2 \
    libpango-1.0-0 \
    libcairo2 \
    libatspi2.0-0 \
    && rm -rf /var/lib/apt/lists/*

ENV PLAYWRIGHT_BROWSERS_PATH=/app/.playwright
RUN python -m playwright install chromium \
    && chown -R appuser:appgroup /app

USER appuser

CMD ["/app/docker/scripts/start-celery-worker.sh"]