# ── Stage 1: dependency installation ─────────────────────────────────────────
FROM python:3.12-slim AS builder

WORKDIR /app

RUN pip install --upgrade pip

COPY pyproject.toml .
RUN pip install --prefix=/install .

# ── Stage 2: runtime ──────────────────────────────────────────────────────────
FROM python:3.12-slim

# Create non-root user (UID/GID 1001)
RUN groupadd --gid 1001 appuser && \
    useradd --uid 1001 --gid 1001 --no-create-home --shell /bin/sh appuser

# Pre-create the config directory with correct ownership
RUN mkdir -p /config && chown -R appuser:appuser /config

WORKDIR /app

COPY --from=builder /install /usr/local

COPY --chown=appuser:appuser app ./app
COPY --chown=appuser:appuser scripts ./scripts
RUN chmod +x scripts/start.sh scripts/start_dev.sh

USER appuser

EXPOSE 8010

CMD ["sh", "scripts/start.sh"]