# ===============================
# 1) 构建依赖阶段
# ===============================
FROM uswccr.ccs.tencentyun.com/lessie/python:3.12-slim AS build
WORKDIR /app
# 使用 uv 官方镜像中的二进制文件（不用 pip install uv ）
COPY --from=ghcr.io/astral-sh/uv:latest /uv /uv/bin/uv
# APT 源替换 + 安装依赖（合并为一个 RUN，最大化缓存）
RUN set -eux; \
    sed -i 's@deb.debian.org@mirrors.tuna.tsinghua.edu.cn@g' /etc/apt/sources.list.d/debian.sources; \
    apt-get update; \
    apt-get install -y --no-install-recommends build-essential git; \
    rm -rf /var/lib/apt/lists/*
# 拷贝依赖定义（用于缓存）
COPY uv.lock pyproject.toml ./
# 依赖变更标记（CI 传入 lock 文件 hash，确保依赖变化时重新构建）
ARG DEPS_HASH=""
# 使用 uv 安装依赖（--frozen 确保锁定版本）
RUN echo "deps:${DEPS_HASH}" && /uv/bin/uv sync --frozen --no-dev --no-install-project
# ===============================
# 2) 运行阶段
# ===============================
FROM uswccr.ccs.tencentyun.com/lessie/python:3.12-slim AS runtime
WORKDIR /app
# 设置时区 + 安装 ca-certificates (Kafka SSL 需要)
RUN set -eux; \
    sed -i 's@deb.debian.org@mirrors.tuna.tsinghua.edu.cn@g' /etc/apt/sources.list.d/debian.sources; \
    apt-get update; \
    apt-get install -y --no-install-recommends tzdata ca-certificates; \
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime; \
    echo "Asia/Shanghai" > /etc/timezone; \
    rm -rf /var/lib/apt/lists/*
# 拷贝 uv、虚拟环境（依赖变更时重新拷贝）
ARG DEPS_HASH=""
COPY --from=build /uv/bin/uv /usr/local/bin/uv
RUN echo "deps:${DEPS_HASH}"
COPY --from=build /app/.venv /app/.venv
# 拷贝代码
COPY . .
ENV APP_ENV=local \
    PYTHONUNBUFFERED=1 \
    PATH="/app/.venv/bin:$PATH"
EXPOSE 8081
CMD ["uv", "run", "main.py"]