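# Shared base stage: Python interpreter, uv settings, the unprivileged account
# and the uv binaries. Every later stage derives from it.
#
# NOTE(review): both external images below are referenced by mutable tag only.
# Pinning them by digest (python:3.11-slim-bookworm@sha256:<digest>,
# ghcr.io/astral-sh/uv:0.7.2@sha256:<digest>) makes the build reproducible and
# protects against a tag being re-pushed with different content.
FROM python:3.11-slim-bookworm AS base

# UV_COMPILE_BYTECODE=1     - uv compiles bytecode at install time.
# UV_LINK_MODE=copy         - packages are copied into the venv, not linked.
# UV_PYTHON_DOWNLOADS=never - uv must use the interpreter shipped in this image.
# UV_PROJECT_ENVIRONMENT    - the venv lives at /app/.venv, the path the runtime
#                             stage copies from the builder.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    UV_COMPILE_BYTECODE=1 \
    UV_LINK_MODE=copy \
    UV_PYTHON_DOWNLOADS=never \
    UV_PROJECT_ENVIRONMENT=/app/.venv

WORKDIR /app

# Dedicated system account so the final image does not run as root.
# NOTE(review): the UID/GID are whatever the distro allocates. If the deployment
# enforces a non-root check on a numeric UID (e.g. Kubernetes runAsNonRoot),
# a fixed --uid/--gid plus a numeric USER would be needed; changing the UID
# affects ownership of existing volumes, so confirm before doing it.
RUN groupadd -r appgroup && useradd -r -g appgroup -m appuser

# Install uv binary.
COPY --from=ghcr.io/astral-sh/uv:0.7.2 /uv /uvx /usr/local/bin/


# Builder stage: compiler toolchain and -dev headers live only here; the
# runtime stages receive nothing from it except /app/.venv.
FROM base AS builder

# Only the literal value "true" selects the development dependency set.
ARG INSTALL_DEV=false

# Package versions are deliberately unpinned (DL3008 suppressed), so the result
# tracks whatever the bookworm repositories serve at build time.
# hadolint ignore=DL3008
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        build-essential \
        gcc \
        libffi-dev \
        libpq-dev \
        libxml2-dev \
        libxslt1-dev \
        pkg-config \
        zlib1g-dev \
    && rm -rf /var/lib/apt/lists/*

# Only the manifests are copied, so this layer is rebuilt when dependencies
# change and not on every source edit.
COPY pyproject.toml uv.lock ./

# --frozen installs exactly what uv.lock records; --no-install-project skips the
# project itself because its source is not present in this stage.
# uv includes the "dev" dependency group by default, so the non-dev branch has
# to pass --no-dev explicitly. Without it, INSTALL_DEV=false would still place
# development packages in the venv that the production stages copy.
RUN if [ "${INSTALL_DEV}" = "true" ]; then \
        uv sync --frozen --no-install-project --dev; \
    else \
        uv sync --frozen --no-install-project --no-dev; \
    fi


# Common runtime stage: shared libraries only, no compilers or headers.
FROM base AS runtime-base

# NOTE(review): curl is presumably installed for health probes, but no
# HEALTHCHECK is declared in this file. Confirm it is still needed; otherwise
# it is extra tooling in the production image.
# hadolint ignore=DL3008
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        curl \
        libffi8 \
        libpq5 \
        libxml2 \
        libxslt1.1 \
        zlib1g \
    && rm -rf /var/lib/apt/lists/*

COPY --from=builder /app/.venv /app/.venv
COPY src/ ./src/
COPY docker/scripts/ ./docker/scripts/

# Creates the directories the application writes to and makes the entrypoint
# scripts executable.
# NOTE(review): chown -R /app also gives appuser write access to the source
# tree, the virtualenv and the entrypoint scripts, so the running process can
# modify the code it executes. Ownership could be limited to the writable
# directories (logs, media, staticfiles, input, src/static) once it is confirmed
# that nothing else under /app is written at runtime.
RUN mkdir -p logs media staticfiles input src/static \
    && chmod +x /app/docker/scripts/*.sh \
    && chown -R appuser:appgroup /app

ENV PATH="/app/.venv/bin:${PATH}" \
    PYTHONPATH=/app/src

# Drop privileges before the entrypoint is defined; everything below runs as
# appuser.
USER appuser

ENTRYPOINT ["/app/docker/scripts/entrypoint.sh"]


# Web variant: passes "web" to the entrypoint script.
FROM runtime-base AS runtime-web

# EXPOSE is documentation only; the port still has to be published at run time.
EXPOSE 8000

CMD ["web"]


# Celery variant: passes "celery-worker" to the entrypoint script.
# This is the last stage in the file, so a build without --target produces it;
# select the image explicitly with --target runtime-web or
# --target runtime-celery.
FROM runtime-base AS runtime-celery

CMD ["celery-worker"]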