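# Base image for kami_spider applications: Python 3.13, uv-managed dependencies
# installed into /app/.venv, and a Playwright Chromium build under /app/.browsers.

# Source image for the uv binary. The default keeps the floating `latest` tag;
# reproducible builds should override it with a pinned reference, e.g.
#   --build-arg UV_IMAGE=ghcr.io/astral-sh/uv:<version>@sha256:<digest>
# It is consumed through a named stage so the reference can come from an ARG.
ARG UV_IMAGE=ghcr.io/astral-sh/uv:latest
FROM ${UV_IMAGE} AS uv

# NOTE(review): `3.13-slim` is a floating tag as well; pin a patch release and
# digest if the image has to be rebuilt bit-for-bit.
FROM python:3.13-slim

# Set environment variables
# NOTE(review): the PYDEVD_*, PYCHARM_DEBUG and PYTEST_CURRENT_TEST values are
# baked into the runtime environment of every derived container; confirm that
# is intended.
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    UV_COMPILE_BYTECODE=1 \
    UV_LINK_MODE=copy \
    PATH="/app/.venv/bin:$PATH" \
    UV_CACHE_DIR=/tmp/uv-cache \
    PLAYWRIGHT_BROWSERS_PATH=/app/.browsers \
    PYDEVD_DISABLE=1 \
    PYDEVD_DISABLE_FILE_VALIDATION=1 \
    PYCHARM_DEBUG="false" \
    PYTEST_CURRENT_TEST="false"

# Install system dependencies for Playwright and runtime.
# The apt lists are removed in the same layer so they never reach the image.
RUN apt-get update && apt-get install -y --no-install-recommends \
    # Core utilities
    ca-certificates \
    curl \
    # Playwright runtime dependencies
    fonts-liberation \
    libnss3 \
    libatk-bridge2.0-0 \
    libdrm2 \
    libxkbcommon0 \
    libxcomposite1 \
    libxdamage1 \
    libxrandr2 \
    libgbm1 \
    libasound2 \
    libcups2t64 \
    libxfixes3 \
    libcairo2 \
    libpango-1.0-0 \
    && rm -rf /var/lib/apt/lists/*

# Install UV package manager (binary copied from the `uv` stage declared above)
COPY --from=uv /uv /usr/local/bin/uv

# Create non-root user with home directory and set up directories
RUN groupadd -r appuser && useradd -r -g appuser -d /home/appuser -m appuser \
    && mkdir -p /app \
    && mkdir -p /app/.browsers \
    && mkdir -p /home/appuser/.cache \
    && chown -R appuser:appuser /app /home/appuser

# Switch to non-root user for dependency installation
USER appuser

# Set working directory
WORKDIR /app

# Copy dependency files
COPY --chown=appuser:appuser pyproject.toml ./
COPY --chown=appuser:appuser uv.lock ./

# Build-time switch for the package index mirror. Without this declaration
# $USE_PROXY is never set inside RUN and the mirror branch below cannot be
# reached; enable it with `--build-arg USE_PROXY=1`.
ARG USE_PROXY=0

# Install Python dependencies using UV.
# --frozen installs exactly what uv.lock records; the uv cache is deleted in
# the same layer so it is not shipped.
# NOTE(review): the mirror is a third-party index; confirm that the hashes in
# uv.lock are what gets verified for packages downloaded through it.
RUN if [ "$USE_PROXY" = "1" ]; then \
        uv sync --frozen --no-dev --no-install-project --index-url https://pypi.tuna.tsinghua.edu.cn/simple/; \
    else \
        uv sync --frozen --no-dev --no-install-project; \
    fi && \
    rm -rf "$UV_CACHE_DIR"

# Switch back to root user to install Playwright system dependencies
USER root

# Install Playwright system dependencies for chromium.
# install-deps pulls packages through apt, so the package lists it downloads
# are removed in the same layer.
RUN /app/.venv/bin/playwright install-deps chromium \
    && rm -rf /var/lib/apt/lists/*

# Switch to appuser to install browsers (must be done by the user who will run them)
USER appuser

# Install Playwright browsers to the shared path
RUN /app/.venv/bin/playwright install chromium

# Switch back to root for final cleanup
USER root

# Ensure browser cache directory has correct permissions for appuser
RUN chmod -R 755 /app/.browsers

# NOTE(review): the image ends with root as the active user, so any image built
# FROM this one runs as root unless it sets `USER appuser` itself. The final
# user is left unchanged here because derived images may depend on it; confirm
# that each consumer drops privileges before its ENTRYPOINT/CMD.

# Label the image
LABEL maintainer="kami-spider-team" \
      version="1.0.0" \
      description="Complete base image for kami_spider applications with Python, UV, all dependencies and Playwright browsers"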