# Multi-stage build to create a minimal image
FROM python:3.13-slim AS builder

# Create working directory
WORKDIR /app

# poetry export -f requirements.txt --output requirements.txt --without-hashes
# Copy dependency files
COPY requirements.txt ./

# Install dependencies to a target directory
RUN --mount=type=cache,target=/root/.cache/pip \
    pip install --no-deps --disable-pip-version-check -r requirements.txt

# Runtime stage
FROM python:3.13-slim AS runtime

# Create working directory
WORKDIR /app

# Install only runtime dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*

# Create a non-root user for security
RUN useradd --home-dir /app --no-create-home --uid 1000 myice

# Copy installed packages from builder stage
COPY --from=builder /usr/local/lib/python3.13/site-packages /usr/local/lib/python3.13/site-packages

# Copy application code
COPY index.html favicon.ico ./
COPY myice ./myice

# Change ownership of copied files
RUN chown -R myice:myice /app

# Switch to non-root user
USER myice

# Bytecompile Python files for faster first load
RUN python -m compileall -q ./myice

# Expose port
EXPOSE 8000

# Run the application
ENTRYPOINT ["python", "-m", "uvicorn", "myice.webapi:app", "--host", "0.0.0.0", "--port", "8000"]