FROM python:3.12-slim-bookworm

RUN apt-get update && apt-get install -y --no-install-recommends curl ca-certificates \
    && rm -rf /var/lib/apt/lists/*

COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /usr/local/bin/

WORKDIR /app

# Install dependencies first for layer caching (source changes don't invalidate)
COPY pyproject.toml README.md ./
RUN mkdir -p guarddog_nexus && echo '__version__ = "0.1.0"' > guarddog_nexus/__init__.py
RUN uv pip install . --system
RUN uv pip install --system "guarddog>=2.10.0"
RUN rm -rf guarddog_nexus

# Application source (frequently changes — cached dependency layers preserved)
COPY guarddog_nexus/ guarddog_nexus/

RUN mkdir -p /data /tmp/guarddog-nexus

ENV DATABASE_PATH=/data/guarddog.db
ENV TEMP_DIR=/tmp/guarddog-nexus
ENV PYTHONDONTWRITEBYTECODE=1

EXPOSE 8080

HEALTHCHECK --interval=30s --timeout=3s --start-period=15s --retries=3 \
    CMD curl -sf http://localhost:8080/health/dependencies || exit 1

CMD ["python", "-m", "guarddog_nexus.main"]