FROM dev.data-turing.cn:14443/library/python:3.13-slim-bookworm AS build
COPY --from=dev.data-turing.cn:14443/library/uv:latest /uv /uvx /bin/
WORKDIR /app
ENV UV_COMPILE_BYTECODE=1 UV_LINK_MODE=copy UV_PYTHON_INSTALL_MIRROR="https://ghfast.top/https://github.com/astral-sh/python-build-standalone/releases/download"
COPY uv.lock pyproject.toml ./
RUN --mount=type=cache,target=/root/.cache/uv \
    uv sync --no-install-project --no-dev
COPY . .

# Frontend dist is expected to be built in CI before docker build.
RUN test -f frontend/dist/index.html

RUN --mount=type=cache,target=/root/.cache/uv \
    uv sync --frozen --no-dev


FROM dev.data-turing.cn:14443/library/python:3.13-slim-bookworm AS runtime
ENV PATH="/app/.venv/bin:$PATH" \
    PYTHONUNBUFFERED=1 \
    HOST="0.0.0.0" \
    PORT="8000" \
    MCP_TAVILY_UPSTREAM_BASE_URL="http://127.0.0.1:8101/mcp"
RUN groupadd -g 1001 appgroup && \
    useradd -u 1001 -g appgroup -m -d /app -s /bin/false appuser
WORKDIR /app
COPY --from=build --chown=appuser:appgroup /app .
USER appuser
EXPOSE 8000
CMD ["python", "-u", "-m", "backend.app"]