# Stage 1: Builder (optional but good for native deps or compile-time tasks)
FROM python:3.12-slim AS builder

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1

WORKDIR /install

# Optional: install build dependencies if your requirements need it
# RUN apt-get update && apt-get install -y build-essential libpq-dev && rm -rf /var/lib/apt/lists/*

COPY requirements.txt .
RUN pip install --prefix=/install --no-cache-dir -r requirements.txt

# Stage 2: Final image
FROM python:3.12-slim

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1

# Add non-root user
RUN adduser --disabled-password --no-create-home --gecos "" appuser

WORKDIR /usr/src/app

# Copy installed packages
COPY --from=builder /install /usr/local

# Copy source code
COPY . .

USER appuser

CMD ["python", "majordomo.py"]