FROM ubuntu:resolute AS builder

WORKDIR /app

RUN apt update && apt --no-install-recommends install -y git && apt-get clean

COPY --from=ghcr.io/astral-sh/uv:0.10.8@sha256:88234bc9e09c2b2f6d176a3daf411419eb0370d450a08129257410de9cfafd2a /uv /usr/local/bin/uv

# Keep full repository in builder so hatch-vcs sees a clean tracked worktree.
COPY . .

# Install with Python in a portable location
ENV UV_PYTHON_INSTALL_DIR=/app/.python
RUN uv sync --frozen --no-editable --python 3.14 --managed-python --package jobbergate-agent --no-dev

FROM ubuntu:resolute AS runner

WORKDIR /app

RUN apt update && apt --no-install-recommends install -y tzdata \
    && rm -rf /var/lib/apt/lists/* \
    && groupadd --system appuser \
    && useradd --system --create-home --gid appuser appuser

# Copy virtual environment and uv-managed Python from builder
COPY --from=builder /app/.venv .venv
COPY --from=builder /app/.python .python
COPY --from=builder /app/jobbergate-agent/README.md README.md
COPY --from=builder /app/jobbergate-agent/LICENSE LICENSE

ENV PATH="/app/.venv/bin:$PATH"

# Change ownership of /app to the new user and switch to it
RUN chown -R appuser:appuser /app
USER appuser

ENTRYPOINT ["/app/.venv/bin/jg-run"]
