FROM python:3.12-slim AS builder

ENV POETRY_VERSION=1.8.4 \
    POETRY_VIRTUALENVS_IN_PROJECT=true \
    PIP_NO_CACHE_DIR=1

RUN pip install --no-cache-dir "poetry==${POETRY_VERSION}"

WORKDIR /app
COPY pyproject.toml poetry.lock* README.md ./
RUN poetry install --only main --no-root

COPY hmrc_sync ./hmrc_sync
COPY alembic ./alembic
COPY alembic.ini ./alembic.ini
RUN poetry install --only main


FROM python:3.12-slim

WORKDIR /app

RUN useradd --system --uid 10002 --home /app --shell /usr/sbin/nologin hmrc

COPY --from=builder --chown=hmrc:hmrc /app /app

ENV PATH="/app/.venv/bin:${PATH}" \
    PYTHONUNBUFFERED=1

EXPOSE 8080
USER hmrc
ENTRYPOINT ["python", "-m", "hmrc_sync"]
CMD ["serve"]