FROM ghcr.io/astral-sh/uv:0.9.5-python3.12-trixie-slim

RUN useradd -m -u 1000 user
ENV PATH="/home/user/.local/bin:$PATH"
ENV UV_SYSTEM_PYTHON=1

WORKDIR /app

RUN apt update && apt install -y --no-install-recommends curl unzip gcc g++ \
    && rm -rf /var/lib/apt/lists/*
RUN mkdir -p /app && chown -R user:user /app

COPY --chown=user pyproject.toml uv.lock /app/
COPY --chown=user app.py ./*.txt /app/

RUN chmod -R u+w /app

USER user

RUN uv sync --locked

EXPOSE 7860
HEALTHCHECK --interval=30s --timeout=5s --start-period=30s \
  CMD curl -f http://localhost:7860/ || exit 1

CMD ["uv", "run", "marimo", "run", "app.py", "--no-sandbox", "--include-code", "--host", "0.0.0.0", "--port", "7860"]