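# ---- Build stage: create the project virtualenv with uv ----
# NOTE(review): "0.9-python3.12-alpine" is a floating tag; pinning the base by
# digest would make rebuilds reproducible and tamper-evident.
FROM ghcr.io/astral-sh/uv:0.9-python3.12-alpine AS builder

WORKDIR /app

# Compiler and headers needed to build native extensions.
# --no-cache fetches the package index on the fly and leaves no apk cache in
# the layer, so a separate `apk update` is not needed.
RUN apk add --no-cache \
        gcc \
        linux-headers \
        musl-dev \
        python3-dev

# Install third-party dependencies before the source is copied, so this layer
# is reused while pyproject.toml is unchanged.
# NOTE(review): this sync runs without --locked and only pyproject.toml is
# mounted, so versions are resolved fresh here and any source builds run code
# from packages the lockfile may not list. The lockfile is only enforced by
# the second sync below; consider bind-mounting it here and passing --locked.
RUN --mount=type=cache,target=/root/.cache/uv \
    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
    uv sync --no-install-workspace

# COPY rather than ADD: only a plain copy of the build context is wanted, and
# ADD's archive-extraction / URL behaviour is not.
# NOTE(review): assumes a .dockerignore keeps a local .venv, VCS data and any
# credential files out of the context - TODO confirm.
COPY . /app

# Final sync; --locked makes the build fail if the lockfile is out of date.
RUN --mount=type=cache,target=/root/.cache/uv \
    uv sync --locked

# ---- Runtime stage: Docker CLI image plus the prebuilt virtualenv ----
FROM docker:29.1.3-cli

# Identity of the unprivileged runtime account, and the import root.
ENV USER=karl \
    GROUPNAME=docker \
    UID=1000 \
    GID=994 \
    PYTHONPATH="/app"

# Must precede the adduser call below: --home is taken from $(pwd).
WORKDIR /app

# Create the runtime group and a password-less account in it.
# NOTE(review): group "docker" with a fixed GID presumably mirrors the host's
# docker group so the process can use a bind-mounted Docker socket - confirm.
# Access to that socket is equivalent to root on the host, so running as a
# non-root user here does not by itself contain a compromise of this service.
RUN addgroup \
        --gid "$GID" \
        "$GROUPNAME" \
    && adduser \
        --disabled-password \
        --gecos "" \
        --home "$(pwd)" \
        --ingroup "$GROUPNAME" \
        --no-create-home \
        --uid "$UID" \
        "$USER"

# NOTE(review): the virtualenv was created by the builder image's interpreter;
# confirm that this python3 package is a matching version and that
# /app/.venv/bin/python resolves to it in this image.
RUN apk add --no-cache \
        git \
        python3

# Ownership goes to the account created above. The original used
# --chown=app:app, but no "app" user or group is created in this stage.
COPY --from=builder --chown=${USER}:${GROUPNAME} /app/.venv /app/.venv
COPY --from=builder --chown=${USER}:${GROUPNAME} /app/src /app/src

# Drop root only after every step that needs it has run.
USER $USER

# Documentation only; the port still has to be published at run time.
EXPOSE 8081

# Exec form: the interpreter runs as PID 1 and receives stop signals directly.
ENTRYPOINT ["/app/.venv/bin/python"]
CMD ["/app/src/karl/__init__.py"]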