FROM python:3.11-slim

ENV PYTHONUNBUFFERED=1

# 1) Install build deps, netcat, curl—and gosu for privilege dropping
RUN apt-get update \
 && apt-get install -y \
      gcc \
      default-libmysqlclient-dev \
      pkg-config \
      netcat-openbsd \
      curl \
      gosu \
 && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# 2) Copy & install Python requirements
COPY requirements.txt .
RUN pip install --upgrade pip \
 && pip install -r requirements.txt

# 3) Copy the rest of the app
COPY . .

# 4) Create the non-root user and make sure the upload dir exists and is chown’d
RUN groupadd -g 1000 appuser \
 && useradd -u 1000 -ms /bin/bash -g appuser appuser \
 && mkdir -p /app/data/uploads \
 && chown -R appuser:appuser /app/data/uploads

# 5) Install the entrypoint (keep this as root so it can chown the volume at runtime)
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

ENTRYPOINT ["/entrypoint.sh"]
CMD ["flask", "run", "--host=0.0.0.0"]