FROM python:3.13-slim AS base

FROM base AS builder

ARG DEBIAN_FRONTEND="noninteractive"

RUN pip install poetry==1.8.3

ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONPATH=/app \
    POETRY_NO_INTERACTION=1 \
    POETRY_VIRTUALENVS_IN_PROJECT=1 \
    POETRY_VIRTUALENVS_CREATE=1 \
    POETRY_CACHE_DIR=/tmp/poetry_cache

WORKDIR /app

COPY pyproject.toml poetry.lock ./

RUN poetry install --without dev --no-root --compile

FROM base

RUN apt update \
    && apt dist-upgrade -y \
    && apt install -y --no-install-recommends \
    libpango-1.0-0 \
    libpangoft2-1.0-0 \
    libharfbuzz-subset0 \
    && rm -rf /var/lib/apt/lists/*

RUN adduser --system --uid 1000 --group app
USER app

WORKDIR /app

ENV VIRTUAL_ENV=/app/.venv \
    PATH="/app/.venv/bin:$PATH"

COPY --from=builder ${VIRTUAL_ENV} ${VIRTUAL_ENV}

COPY app.py ./

ARG PORT=8080
ENV PORT=$PORT
EXPOSE $PORT

CMD ["sh", "-c", \
    "exec gunicorn --preload \
    --bind 0.0.0.0:${PORT} \
    --workers 2 \
    --threads 2 \
    --worker-tmp-dir /dev/shm \
    --access-logfile - \
    --forwarded-allow-ips '*' \
    app:app"]