# Use a stable base image
FROM python:3.12-slim

# Basic Python environment settings
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

# Working directory for build and installation
WORKDIR /workspace

# Install system build dependencies (no extra docs/tools)
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
       build-essential \
       libffi-dev \
       libssl-dev \
    && rm -rf /var/lib/apt/lists/*

# Copy packaging metadata and source
COPY pyproject.toml setup.py ./
COPY src/ ./src/
COPY verify.py /workspace/verify.py

# Build and install the project in editable mode with test extras
RUN python -m pip install --upgrade pip setuptools wheel
RUN pip install -e .[test]

# Create a non-root user for runtime
RUN groupadd -r appuser && useradd -m -r -s /bin/bash -g appuser appuser

# Ensure workspace is owned by the non-root user
RUN mkdir -p /workspace && chown -R appuser:appuser /workspace

USER appuser

# Verification on startup
CMD ["python", "verify.py"]