ARG PYTHONTAG=3.11.9-slim-bookworm
FROM docker.io/library/python:${PYTHONTAG} as base-upstream

FROM base-upstream as base
SHELL [ "/bin/sh", "-ec" ]

COPY /Dockerfile.base /usr/local/share/

## - remove duplicate "/usr/local/bin" (fixes upstream image)
## - remove /sbin and /bin (/usr is merged)
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin

ENV MALLOC_ARENA_MAX=2 \
    PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1

COPY /scripts/* /usr/local/sbin/

COPY /apt/sources.debian /etc/apt/sources.list.d/debian.sources

RUN apt-env.sh apt-get update ; \
    apt-env.sh apt-get upgrade -y ; \
    apt-env.sh dpkg -P \
      e2fsprogs \
      libext2fs2 \
      libss2 \
      logsave \
    ; apt-clean.sh

RUN pip-env.sh pip list --format freeze \
    | grep -F '==' | awk -F= '{print $1}' \
    | xargs -r pip-env.sh pip install -U ; \
    pip-clean.sh /usr/local

RUN site_packages=$(python3 -c 'import site;print(site.getsitepackages()[0])') ; \
    libpython=$(dirname "${site_packages}") ; \
    rm -rf \
      "${libpython}/ensurepip/_bundled" \
      "${libpython}/turtledemo" \
    ; \
    find "${libpython}/" -maxdepth 1 -type f -name '*.py' -exec python3 -m compileall -q -j 2 {} + ; \
    find "${libpython}/" -mindepth 1 -maxdepth 1 -type d -printf '%P\0' \
    | sed -zE '^(__pycache__|site-packages|__phello__|ensurepip|lib2to3|pydoc.*|tkinter|unittest)$/d' \
    | env -C "${libpython}" xargs -0r python3 -m compileall -q -j 2

RUN rm -f /root/.wget-hsts ; \
    find /usr/local/sbin/ ! -type d -name '*.sh' -delete

ENTRYPOINT [ ]
CMD [ "bash" ]