# ---- Stage 1 (builder): build a virtualenv with the Python dependencies ----
# NOTE(review): python:3.13-slim is a mutable tag; pinning the base image by
# digest makes the build reproducible and protects against a changed upstream tag.
FROM python:3.13-slim AS builder

# Interpreter and pip settings for the build: no .pyc files, unbuffered output,
# no pip self-update check, no pip download cache left in the layer.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1 \
    PIP_NO_CACHE_DIR=1

WORKDIR /app

# Copy only the manifest first so the dependency layer stays cached until
# requirements.txt changes.
COPY requirements.txt .

# Create the venv, upgrade pip, then install the requirements.
# NOTE(review): both installs resolve from a third-party PyPI mirror and nothing
# here verifies package hashes, so the image trusts whatever the mirror serves.
# A hash-pinned requirements.txt installed with --require-hashes closes that gap.
# The pip upgrade is unpinned, so the pip version can differ between builds.
RUN python -m venv /opt/venv \
    && /opt/venv/bin/pip install --upgrade pip --index-url https://pypi.doubanio.com/simple \
    && /opt/venv/bin/pip install --requirement requirements.txt --index-url https://pypi.doubanio.com/simple

# ---- Stage 2 (runtime): the image that ships; build tooling stays in stage 1 ----
FROM python:3.13-slim AS runtime

# Runtime environment; /opt/venv/bin is put first on PATH so "python" resolves
# to the virtualenv copied from the builder stage.
ENV TZ=Asia/Shanghai \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PATH="/opt/venv/bin:$PATH"

WORKDIR /app

# Unprivileged system account intended for running the service.
RUN addgroup --system app \
    && adduser --system --ingroup app app

COPY --from=builder /opt/venv /opt/venv

# NOTE(review): this copies the whole build context into the image. No
# .dockerignore is visible from here; confirm it excludes .git, .env files,
# keys and local logs so they do not end up in a layer.
COPY . .

# When volumes are mounted, the container runs as root to avoid permission
# problems on the log directory; switch back to the app user for release
# builds (no volume).
# NOTE(review): while USER stays commented out, no USER instruction is in effect
# and the service runs as the image's default user, per the note above root, so
# the "app" account created earlier is unused. Giving the mounted log directory
# to the app account's UID/GID (a fixed numeric UID helps) lets USER app be
# enabled with volumes as well.
# USER app

# Documents the service port; it does not publish it.
EXPOSE 8001

# Exec form: python is started directly, without a /bin/sh -c wrapper.
CMD ["python", "main.py", "run", "--env=prod"]