FROM ghcr.io/astral-sh/uv:python3.14-trixie-slim AS builder

ENV PYTHONUNBUFFERED=1 \
    UV_COMPILE_BYTECODE=1 \
    UV_LINK_MODE=copy \
    UV_PYTHON_DOWNLOADS=0 \
    UV_CACHE_DIR=/root/.cache/uv

WORKDIR /app

RUN --mount=type=cache,target=/root/.cache/uv \
    --mount=type=bind,source=uv.lock,target=uv.lock \
    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
    uv sync --locked --no-install-project --no-dev

COPY ./uv.lock ./pyproject.toml ./README.md ./LICENSE /app/
COPY ./core_framework /app/core_framework
COPY ./alembic /app/alembic

RUN --mount=type=cache,target=/root/.cache/uv \
    uv sync --locked --no-dev

FROM python:3.14.3-slim-trixie AS runtime-base

RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser

WORKDIR /app

COPY --from=builder --chown=appuser:appgroup /app/.venv /app/.venv
COPY --from=builder --chown=appuser:appgroup /app/core_framework /app/core_framework

ENV PATH="/app/.venv/bin:$PATH" \
    PYTHONPATH="/app" \
    PYTHONUNBUFFERED=1

FROM runtime-base AS api

COPY --from=builder --chown=appuser:appgroup /app/alembic /app/alembic

ENV APP_PORT=8000 \
    WORKERS=1

USER appuser

EXPOSE 8000

HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD python -c "import os, urllib.request; urllib.request.urlopen(f'http://localhost:{os.environ[\"APP_PORT\"]}/health').read()" || exit 1

CMD ["sh", "-c", "exec fastapi run core_framework/asgi.py --port \"$APP_PORT\" --workers \"$WORKERS\""]

FROM runtime-base AS worker

USER appuser

CMD ["arq", "core_framework.worker.main.WorkerSettings"]
