FROM python:3.13-slim

# Add new user 'user' (non-root)
RUN useradd -m -u 1000 user

# Set working dir to app
ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH
RUN mkdir $HOME/app
WORKDIR $HOME/app

# Switch to root
USER root

# Install nginx and packages.txt
RUN apt-get -y update && apt-get -y install nginx

# Give app permissions to 'user' (non-root)
RUN chown user:user . 

# Give nginx permissions to 'user' (non-root)
RUN mkdir -p /var/cache/nginx \
             /var/log/nginx \
             /var/lib/nginx
RUN touch /var/run/nginx.pid
RUN chown -R user:user /var/cache/nginx \
                       /var/log/nginx \
                       /var/lib/nginx \
                       /var/run/nginx.pid

# Switch to 'user' (non-root)
USER user

# Create the virtual environment as 'user' should have permission on $HOME/app
RUN python3 -m venv /home/user/app/venv

# Ensure the virtual environment is on the path
ENV PATH="/home/user/app/venv/bin:$PATH"

# Install requirements.txt
COPY --chown=user requirements.txt requirements.txt
RUN pip install --no-cache-dir -r requirements.txt

# Copy nginx configuration
COPY --chown=user nginx.conf /etc/nginx/sites-available/default

# Copy app
COPY --chown=user . .

# Run
CMD ["bash", "run.sh"]