From 140ca2d2e5390e27f397dc2142bee9d884677c24 Mon Sep 17 00:00:00 2001
From: Jay <jayo60013@gmail.com>
Date: Tue, 31 Mar 2026 10:47:22 +0100
Subject: [PATCH] Add Dockerfile

---
 .gitea/workflows/docker.yaml | 26 +++++++++++++++++++++++
 Dockerfile                   | 40 ++++++++++--------------------------
 2 files changed, 37 insertions(+), 29 deletions(-)
 create mode 100644 .gitea/workflows/docker.yaml

diff --git a/.gitea/workflows/docker.yaml b/.gitea/workflows/docker.yaml
new file mode 100644
index 0000000..cf0b887
--- /dev/null
+++ b/.gitea/workflows/docker.yaml
@@ -0,0 +1,26 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches: [ "main" ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Login to Gitea Registry
+        run: |
+          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login gitea.umbra.mom \
+            -u "${{ secrets.REGISTRY_USER }}" --password-stdin
+
+      - name: Build image
+        run: |
+          docker build -t gitea.umbra.mom/jay/pub-quiz:latest .
+
+      - name: Push image
+        run: |
+          docker push gitea.umbra.mom/jay/pub-quiz:latest
diff --git a/Dockerfile b/Dockerfile
index 84a4b81..b52518e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,40 +1,22 @@
-# syntax=docker/dockerfile:1
-FROM python:3.13-slim
-
-# Pull uv binary from the official image (no pip overhead)
-COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /usr/local/bin/
-
-# Non-root user for security
-RUN adduser --disabled-password --no-create-home appuser
+FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
 
 WORKDIR /app
 
-# Install dependencies first (layer is cached unless lock file changes)
+# Copy dependency files first (better caching)
 COPY pyproject.toml uv.lock ./
-RUN uv sync --frozen --no-dev --no-install-project
 
-# Copy application source
-COPY src/ ./src/
+# Install dependencies into project environment
+RUN uv sync --frozen --no-dev
 
-# data.csv is NOT baked into the image — it is mounted at runtime via docker-compose
-# so updates to the CSV don't require a rebuild.
+# Copy app source
+COPY . .
 
-RUN chown -R appuser:appuser /app
-USER appuser
-
-# WORKDIR=/app  → gunicorn CWD is /app → data.csv resolves to /app/data.csv (mounted volume)
-# PYTHONPATH=/app/src → 'app' module resolves to src/app.py
+ENV PYTHONUNBUFFERED=1
 ENV PYTHONPATH=/app/src
+ENV DATA_CSV_PATH=/app/data.csv
+ENV UV_PROJECT_ENVIRONMENT=/app/.venv
+ENV UV_LINK_MODE=copy
 
 EXPOSE 8000
 
-HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
-    CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000')"
-
-CMD ["uv", "run", "--no-dev", "gunicorn", \
-     "--workers", "2", \
-     "--bind", "0.0.0.0:8000", \
-     "--access-logfile", "-", \
-     "--error-logfile", "-", \
-     "app:app"]
-
+CMD ["uv", "run", "gunicorn", "--workers", "2", "--bind", "0.0.0.0:8000", "app:app"]