FROM containers.torproject.org/tpo/tpa/base-images/python:trixie

ARG UID
ARG GID

ENV PYTHONFAULTHANDLER=1 \
  PYTHONUNBUFFERED=1 \
  PIP_DISABLE_PIP_VERSION_CHECK=on \
  PIP_DEFAULT_TIMEOUT=100 \
  WORKDIR=/home/sbws/app \
  VIRTUAL_ENV=/home/sbws/venv \
  HOME=/home/sbws \
  PATH="/home/sbws/venv/bin:$PATH"

# run-time dependencies
RUN apt-get update && \
  apt-get install -y --no-install-recommends \
    tor python3.13-venv cron && \
  apt-get clean && \
  rm -rf /var/lib/apt/lists/* && \
  echo $HOME

# Create unprivileged sbws user/group
RUN groupadd -r -g $GID sbws && \
  useradd --no-log-init -r -m -u $UID -g sbws sbws

COPY ./docker/sbws.cron /etc/cron.d/sbws.cron
RUN chmod 0644 /etc/cron.d/sbws.cron && crontab /etc/cron.d/sbws.cron

# Work in application directory
WORKDIR /home/sbws/app

# Switch to sbws user
USER sbws

# Copy all project files (minus those ignored)
COPY --chown=sbws:sbws . .

# Create virtualenv and install sbws
# then make home directory owned by the right user
RUN --mount=type=cache,uid=$UID,gid=$GID,target=/cache \
  python3 -m venv /home/sbws/venv && \
  PIP_CACHE_DIR=/cache/pip \
  pip install .
# ENV HOME /home/sbws
# Launch the app
CMD ["sbws", "scanner"]
