# Install uv
FROM python:3.13-slim AS builder
COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv

# Change the working directory to the `app` directory
WORKDIR /app

# Install dependencies
RUN --mount=type=cache,target=/root/.cache/uv \
    --mount=type=bind,source=uv.lock,target=uv.lock \
    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
    uv sync --locked --no-install-project --no-editable --no-dev

# Copy the project into the intermediate image
ADD . /app

# Sync the project
RUN --mount=type=cache,target=/root/.cache/uv \
    uv sync --locked --no-editable --no-dev

FROM python:3.13-slim AS runner

# Create a non-root user
RUN groupadd -r app && useradd -r -g app app

# Copy the environment, but not the source code
COPY --from=builder --chown=app:app /app/.venv /app/.venv

# Set working directory
WORKDIR /app

# Switch to non-root user
USER app

EXPOSE 8000

# Run the application
ENTRYPOINT [ "/app/.venv/bin/mcp-ephemeral-k8s" ]
CMD [ "serve", "--transport", "sse", "--host", "0.0.0.0", "--port", "8000" ]
