# Dockerfile — Day09: CVE-2025-27520 (BentoML-style insecure deserialization lab)
FROM python:3.11-slim

WORKDIR /opt/day09

# system deps (small)
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    gcc \
    build-essential \
    && rm -rf /var/lib/apt/lists/*

# app + helper scripts
COPY app.py /opt/day09/app.py
COPY entrypoint.sh /opt/day09/entrypoint.sh
COPY requirements.txt /opt/day09/requirements.txt

RUN chmod +x /opt/day09/entrypoint.sh

# install python deps
RUN python -m pip install --no-cache-dir -r /opt/day09/requirements.txt

EXPOSE 8080

ENTRYPOINT ["/opt/day09/entrypoint.sh"]