FROM python:3.14 AS baustelle
RUN mkdir /app
WORKDIR /app
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
RUN pip install  --upgrade pip
COPY requirements.txt /app/
RUN pip install --no-cache-dir -r requirements.txt

FROM python:3.14-slim
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        libjpeg62-turbo \
        libopenjp2-7 \
        libtiff6 \
        libwebp7 \
        libwebpdemux2 \
        libwebpmux3 \
        libxcb1 \
        libfreetype6 \
        liblcms2-2 \
        libharfbuzz0b \
        libfribidi0 \
        zlib1g && \
    rm -rf /var/lib/apt/lists/* && \
    useradd -m -r -u 99 appuser && \
    mkdir /app && \
    chown -R appuser /app

COPY --from=baustelle /usr/local/lib/python3.14/site-packages/ /usr/local/lib/python3.14/site-packages/
COPY --from=baustelle /usr/local/bin/ /usr/local/bin/
RUN rm /usr/bin/tar /usr/lib/x86_64-linux-gnu/libncur*
WORKDIR /app
COPY --chown=appuser:appuser . .
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
USER appuser
EXPOSE 8000
RUN rm -rvf /app/Dockerfile* \
           /app/README.md \
           /app/argocd \
           /app/k8s \
           /app/data-loader \
           /app/keys \
           /app/requirements.txt \
           /app/node_modules \
           /app/*.json \
           /app/test_*.py && \
       python3 /app/manage.py collectstatic --noinput
CMD ["sh", "-c", "python manage.py thumbnail clear && gunicorn --bind 0.0.0.0:8000 --workers 3 labhelper.wsgi:application"]