# ./backend/Dockerfile

# Use an official Python runtime as a parent image
FROM python:3.12-slim

# --- Add arguments for user/group IDs ---
ARG UID=1000
ARG GID=1000

# Set environment variables
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1

# Set work directory
WORKDIR /app

# --- Create a non-root user and group ---
RUN groupadd -g $GID -o archivist && \
    useradd -u $UID -g $GID -o -m -s /bin/bash archivist
    # -o allows reusing UID/GID if needed, -m creates home dir, -s sets shell

# Install Python dependencies
# Copy only requirements first to leverage Docker cache
COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt

# Copy the entrypoint script first
COPY --chown=archivist:archivist ./entrypoint.sh /app/entrypoint.sh

# Ensure it's executable inside the container too
RUN chmod +x /app/entrypoint.sh

# Copy the rest of the backend source code
COPY --chown=archivist:archivist . .

# --- Swithc the user to the archivist user ---
USER archivist

# Set the entrypoint script
ENTRYPOINT ["/app/entrypoint.sh"]

# Set the default command that the entrypoint will execute if none is provided by compose
# This is useful if you run the image directly without compose sometimes
CMD ["python", "manage.py", "runserver", "0.0.0.0:8080"]