FROM python:3.11-slim

# Metadata
LABEL maintainer="your-email@example.com"
LABEL description="Domain-specific email worker for SMTP delivery"

# Non-root user für Security
RUN useradd -m -u 1000 worker && \
    mkdir -p /app && \
    chown -R worker:worker /app

# Boto3 installieren
RUN pip install --no-cache-dir boto3

# Worker Code
COPY --chown=worker:worker worker.py /app/worker.py

WORKDIR /app
USER worker

# Healthcheck
HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
  CMD pgrep -f worker.py || exit 1

# Start worker mit unbuffered output
CMD ["python", "-u", "worker.py"]