# build stage: export locked dependencies
FROM ghcr.io/astral-sh/uv:0.8-python3.13-bookworm AS build

WORKDIR /app
RUN apt-get update && apt-get install -y --no-install-recommends git && \
    rm -rf /var/lib/apt/lists/*

COPY . .

RUN uv export --no-editable --no-emit-project --locked \
    --format requirements.txt -o requirements.txt
RUN uv build --wheel

# install stage: install dependencies into virtualenv
FROM python:3.13 AS install

WORKDIR /app
COPY --from=build /app/requirements.txt /app
COPY --from=build /app/dist/*.whl /app

RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

RUN pip install --no-cache-dir -r requirements.txt
RUN pip install --no-cache-dir --no-deps *.whl

# final stage: minimal runtime image
FROM python:3.13-slim

COPY --from=install /opt/venv /opt/venv

RUN groupadd --gid 1000 sega && \
    useradd --uid 1000 --gid 1000 -m sega

USER sega

ENV PATH="/opt/venv/bin:$PATH"

ENTRYPOINT ["sega"]
