# syntax=docker/dockerfile:1

# ===== STAGE 1: Builder =====
FROM python:3.12-slim AS builder

WORKDIR /build

# Instala dependências em virtualenv isolado
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

COPY requirements.txt .

# Cache de pip para builds mais rápidas
RUN --mount=type=cache,target=/root/.cache/pip \
    pip install --upgrade pip && \
    pip install -r requirements.txt

# ===== STAGE 2: Production =====
FROM python:3.12-slim AS production

# Variáveis de ambiente Python otimizadas
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PATH="/opt/venv/bin:$PATH"

WORKDIR /app

# Copia virtualenv do builder
COPY --from=builder /opt/venv /opt/venv

# Copia código fonte
COPY src ./src

# Cria usuário não-root
RUN useradd --system --no-create-home --uid 1001 appuser && \
    chown -R appuser:appuser /app

USER appuser

EXPOSE 8000

# Uvicorn com workers otimizados
CMD ["uvicorn", "src.main:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "1"]