# syntax=docker/dockerfile:1.7

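# ============================================================
# Stage 1 — builder: installs locked dependencies into /app/.venv
# ============================================================
# NOTE(review): this tag is mutable. For reproducible builds pin the base by
# digest (python:3.13-slim@sha256:<digest-placeholder>) and keep it identical
# to the runtime stage's base, since the venv built here is copied there.
FROM python:3.13-slim AS builder

# BUILD_DATE / VCS_REF / VERSION are intentionally not declared in this stage:
# nothing here reads them, and build args declared ahead of a RUN become part
# of that RUN's cache key, so a per-build value such as BUILD_DATE would force
# the dependency install below to re-run on every build.

# Python runtime tuning: no .pyc files, unbuffered stdout/stderr.
# UV_LINK_MODE=copy: the uv cache is a BuildKit cache mount, which is normally
# a different filesystem from /app/.venv, so packages are copied, not linked.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    UV_LINK_MODE=copy

WORKDIR /app

# Install uv by copying its binaries from the upstream image (faster than pip).
# NOTE(review): this runs third-party binaries as root during the build; the
# version tag can be re-pointed, so pin by digest
# (ghcr.io/astral-sh/uv:0.10.8@sha256:<digest-placeholder>) for integrity.
COPY --from=ghcr.io/astral-sh/uv:0.10.8 /uv /uvx /bin/

# Copy only the dependency manifests so this layer, and the install below,
# stay cached until the manifests change. uv.lock is named explicitly because
# `uv sync --frozen` needs it: a missing lockfile should fail here, at the
# COPY, instead of being silently skipped by a glob.
COPY pyproject.toml uv.lock ./

# Install runtime dependencies exactly as recorded in uv.lock (--frozen never
# re-resolves or rewrites the lockfile); dev dependencies are excluded.
RUN --mount=type=cache,target=/root/.cache/uv \
    uv sync --no-dev --frozen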

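# ============================================================
# Stage 2 — runtime
# ============================================================
# NOTE(review): mutable tag; pin by digest
# (python:3.13-slim@sha256:<digest-placeholder>) and keep it identical to the
# builder stage's base, since the venv is copied across from there.
FROM python:3.13-slim AS runtime

WORKDIR /app

# Python runtime tuning; the venv's bin directory goes first on PATH so that
# `python` resolves to the interpreter that has the installed dependencies.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PATH="/app/.venv/bin:$PATH" \
    PYTHONPATH="/app"

# Unprivileged runtime account with fixed uid/gid 1000 and no login shell.
RUN groupadd -g 1000 app \
 && useradd -u 1000 -g app -m -s /usr/sbin/nologin app

# Dependencies from the builder stage. They stay root-owned, so the runtime
# user can read and execute them but cannot modify installed packages.
COPY --from=builder /app/.venv /app/.venv

# Application code, also root-owned (read-only for the runtime user).
# COPY . . takes the whole build context: keep a .dockerignore that excludes
# .git, .env and other credential files, logs/, data/ and any local .venv
# (a .venv in the context would be merged over the one copied above).
# File modes come from the context, so sources must be world-readable there.
COPY . .

# Only the runtime directories are writable by the app user. The previous
# `chown -R app:app /app` re-wrote the entire venv and source tree into an
# extra layer and let the running process rewrite its own code and
# dependencies. If the app must write elsewhere under /app, add that path here.
RUN mkdir -p logs data \
 && chown -R app:app logs data

# Numeric uid:gid (the `app` account created above), so orchestrators that
# enforce non-root execution can verify it without reading /etc/passwd.
USER 1000:1000

# Build metadata for CI/CD. Declared after every RUN/COPY so that per-build
# values (BUILD_DATE, VCS_REF) only change this metadata and never invalidate
# the filesystem layers above.
ARG BUILD_DATE
ARG VCS_REF
ARG VERSION=dev

# OCI image metadata
LABEL org.opencontainers.image.title="Python Application" \
      org.opencontainers.image.description="Production Python container" \
      org.opencontainers.image.version="${VERSION}" \
      org.opencontainers.image.created="${BUILD_DATE}" \
      org.opencontainers.image.revision="${VCS_REF}"

# Healthcheck (optional): a plain TCP connect to 127.0.0.1:8000. It only shows
# that something accepts connections on that port, not that the app is
# healthy. The explicit socket timeout keeps the probe inside --timeout.
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
    CMD python -c "import socket; socket.create_connection(('127.0.0.1', 8000), timeout=5).close()" || exit 1

# Default command (exec form, so the Python process receives stop signals).
CMD ["python", "main.py"]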
