# syntax=docker/dockerfile:1.3
FROM debian:bookworm-slim

ENV VIRTUAL_ENV=/home/appuser/.venv
ENV PATH="$VIRTUAL_ENV/bin:$PATH"

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt,sharing=locked \
    apt-get update && apt-get install --no-install-recommends -y \
    # need curl to run health check in docker-compose
    curl \
    && rm -rf /var/lib/apt/lists/*

COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv

RUN useradd --create-home --uid 1001 appuser
WORKDIR /home/appuser

USER 1001

COPY --chown=1001 pyproject.toml uv.lock README.md ./

RUN --mount=type=cache,target=/home/appuser/.cache/uv,uid=1001,gid=1001 \
    uv --cache-dir=/home/appuser/.cache/uv sync --frozen --no-install-project --no-dev

COPY --chown=1001 main.py main.py
COPY --chown=1001 app/ app/

RUN uv sync --frozen --no-cache --no-dev --compile-bytecode

EXPOSE 8501

HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health

CMD ["streamlit", "run", "main.py", "--server.port=8501", "--server.address=0.0.0.0"]