# 文件传输服务 Docker 镜像 (多阶段构建优化版本)
FROM python:3.11-slim as builder

# 配置阿里云pip镜像源
RUN pip config set global.index-url https://mirrors.aliyun.com/pypi/simple/ \
    && pip config set global.trusted-host mirrors.aliyun.com

# 安装构建依赖
COPY requirements.txt /tmp/
RUN pip install --no-cache-dir --upgrade pip \
    && pip install --no-cache-dir --user -r /tmp/requirements.txt

# 生产镜像
FROM python:3.11-slim

# 设置环境变量
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
ENV HOST=0.0.0.0
ENV PORT=8000
ENV PATH=/root/.local/bin:$PATH

# 配置阿里云apt镜像源
RUN sed -i 's|http://deb.debian.org|http://mirrors.aliyun.com|g' /etc/apt/sources.list.d/debian.sources \
    && sed -i 's|http://security.debian.org|http://mirrors.aliyun.com|g' /etc/apt/sources.list.d/debian.sources

# 安装运行时依赖
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        curl \
        tini \
        && rm -rf /var/lib/apt/lists/* \
        && apt-get clean

# 从构建阶段复制Python包
COPY --from=builder /root/.local /root/.local

# 设置工作目录
WORKDIR /app

# 复制应用程序代码
COPY . .

# 创建上传目录并设置权限
RUN mkdir -p uploads \
    && chmod 755 uploads

# 创建非root用户
RUN groupadd -r appuser && useradd -r -g appuser appuser \
    && chown -R appuser:appuser /app

# 切换到非root用户
USER appuser

# 暴露端口
EXPOSE 8000

# 健康检查
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8000/ || exit 1

# 使用tini作为init进程
ENTRYPOINT ["/usr/bin/tini", "--"]

# 启动命令
CMD ["python", "app.py"]