FROM node:20-bookworm-slim AS assets

WORKDIR /opt/hw

COPY package.json package-lock.json ./
RUN npm ci

COPY app/static/src ./app/static/src
COPY app/templates ./app/templates
RUN mkdir -p ./app/static/css && npm run build:css

FROM python:3.13-slim-bookworm

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1

WORKDIR /opt/hw

RUN groupadd --system --gid 10001 hw \
    && useradd --system --uid 10001 --gid 10001 --create-home --home-dir /opt/hw hw

COPY requirements.txt ./requirements.txt
RUN pip install -r requirements.txt

COPY . .
COPY --from=assets /opt/hw/app/static/css/main.css /opt/hw/app/static/css/main.css

RUN chmod +x /opt/hw/docker/entrypoint.sh \
    && mkdir -p /opt/hw/instance/csv_previews \
    && chown -R hw:hw /opt/hw

USER hw

EXPOSE 8000

HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 CMD python -c "import json, urllib.request; payload = json.load(urllib.request.urlopen('http://127.0.0.1:8000/health', timeout=3)); raise SystemExit(0 if payload.get('status') == 'ok' else 1)"

ENTRYPOINT ["/opt/hw/docker/entrypoint.sh"]