ARG PYTHON_VERSION=3.13-slim

FROM python:${PYTHON_VERSION}

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=on \
    DJANGO_SETTINGS_MODULE=mysite.settings.production

WORKDIR /code

# Create an unprivileged user to run the app
RUN adduser --disabled-password --gecos '' app

COPY requirements.txt /tmp/requirements.txt
RUN set -ex && \
    pip install --upgrade pip && \
    pip install -r /tmp/requirements.txt && \
    rm -rf /root/.cache/

COPY . /code
COPY entrypoint.sh /entrypoint.sh

RUN chmod +x /entrypoint.sh && chown -R app:app /code
USER app

EXPOSE 8000

ENTRYPOINT ["/entrypoint.sh"]
CMD ["gunicorn","--bind",":8000","--workers","2","mysite.wsgi"]
