# build stage — fetches and builds Honcho from source
# Using buildkit cache mounts for speed across rebuilds
FROM python:3.13-slim-bookworm AS builder

RUN apt-get update && \
    apt-get install -y --no-install-recommends git && \
    rm -rf /var/lib/apt/lists/*

COPY --from=ghcr.io/astral-sh/uv:0.9.24 /uv /bin/uv

# Clone Honcho at a pinned commit for reproducibility
ARG HONCHO_REPO=https://github.com/plastic-labs/honcho
ARG HONCHO_REF=main
RUN git clone --depth 1 --branch ${HONCHO_REF} ${HONCHO_REPO} /app

WORKDIR /app

ENV UV_COMPILE_BYTECODE=1
ENV UV_LINK_MODE=copy

RUN uv sync --frozen

# --- runtime stage ---
FROM python:3.13-slim-bookworm

RUN groupadd --system app && \
    useradd --system --gid app --create-home app

COPY --from=builder /app /app

WORKDIR /app
ENV PATH="/app/.venv/bin:$PATH"
ENV HOME=/app

COPY --chown=app:app config.toml /app/config.toml

USER app
EXPOSE 8000

CMD ["fastapi", "run", "--host", "0.0.0.0", "src/main.py"]
