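# syntax=docker/dockerfile:1.7

# Two-stage image for the "mimic" Flask application (FLASK_APP below).
# Stage 1 installs the project and its dependencies into /install with the
# compiler toolchain present; stage 2 copies that tree into a slim runtime
# image and starts gunicorn as an unprivileged user under tini.
#
# NOTE(review): both stages reference the base image by tag only. Pinning it
# by digest (python:3.12-slim-bookworm@sha256:<digest>) would make rebuilds
# reproducible and guard against a re-pushed tag.

# --- Stage 1: build --------------------------------------------------------
FROM python:3.12-slim-bookworm AS build

# No .pyc files, unbuffered output, no pip version check, no pip cache kept
# in the layers of this stage.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1 \
    PIP_NO_CACHE_DIR=1

# WeasyPrint native deps + libpq + build tools.
# The apt lists are removed in the same layer that downloads them.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        libcairo2 \
        libffi-dev \
        libgdk-pixbuf-2.0-0 \
        libpango-1.0-0 \
        libpangoft2-1.0-0 \
        libpq-dev \
        shared-mime-info \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /build

COPY pyproject.toml README.md ./
COPY src ./src

# NOTE(review): pip, wheel and build are upgraded to whatever is current at
# build time, and no lockfile or hash-checked requirements file is visible in
# this Dockerfile, so the dependency set is presumably resolved fresh on each
# build. Confirm whether that is intended for a production image.
# NOTE(review): nothing in this file copies /wheels out of this stage; confirm
# that something else consumes it, otherwise the `pip wheel` step is dead work.
RUN pip install --upgrade pip wheel build \
    && pip wheel --wheel-dir /wheels --no-deps .

# Install the project under /install so the runtime stage can copy that one
# tree instead of inheriting the toolchain.
RUN pip install --prefix=/install --no-warn-script-location .

# --- Stage 2: runtime ------------------------------------------------------
FROM python:3.12-slim-bookworm AS runtime

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    FLASK_APP=mimic.app:create_app \
    MIMIC_ENV=production

# Runtime shared libraries only (no -dev packages, no compiler), plus tini.
# The service account is created in the same layer with fixed IDs 1001:1001
# and a nologin shell.
RUN apt-get update && apt-get install -y --no-install-recommends \
        libcairo2 \
        libgdk-pixbuf-2.0-0 \
        libpango-1.0-0 \
        libpangoft2-1.0-0 \
        libpq5 \
        shared-mime-info \
        tini \
    && rm -rf /var/lib/apt/lists/* \
    && groupadd --system --gid 1001 mimic \
    && useradd --system --uid 1001 --gid 1001 --home-dir /app --shell /usr/sbin/nologin mimic

# Set before USER, so /app itself is created by root.
WORKDIR /app

# Python packages and console scripts installed by the build stage.
COPY --from=build /install /usr/local

# NOTE(review): --chown makes the source tree writable by the account the
# service runs as. If nothing writes under /app/src at runtime, dropping
# --chown leaves the code root-owned, so a compromised worker cannot modify
# it. Confirm against the application before changing.
COPY --chown=mimic:mimic src ./src

# Numeric form of the mimic account created above. Kubernetes cannot verify
# runAsNonRoot against a user name, only against a numeric UID.
USER 1001:1001

# Documentation only; 5000 is unprivileged, so the non-root user can bind it.
EXPOSE 5000

# NOTE(review): no HEALTHCHECK is defined. Add one if the application offers
# a cheap, side-effect-free health endpoint.

# tini runs as PID 1 to forward signals and reap children.
ENTRYPOINT ["/usr/bin/tini", "--"]

# One gevent worker listening on every interface inside the container; which
# networks can reach port 5000 is decided by how the port is published.
CMD ["gunicorn", "--worker-class", "gevent", "--workers", "1", "--bind", "0.0.0.0:5000", "mimic.app:create_app()"]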