FROM python:3.12-slim-bookworm

# --- Install uv (pinned for reproducibility) ---
COPY --from=ghcr.io/astral-sh/uv:0.10.8 /uv /uvx /bin/

WORKDIR /app

# Create non-root user with explicit UID/GID 1000
RUN addgroup --gid 1000 appgroup && \
    adduser --uid 1000 --gid 1000 --disabled-password --gecos "" appuser

# Install system dependencies:
#   - git: required to fetch util-services from GitLab (tool.uv.sources)
#   - build-essential / gcc / g++ / python3-dev / cmake: native extensions
#     (scrubadub-spacy → spaCy, pycanon, etc.)
#   - curl: optional healthcheck / runtime tooling
RUN apt-get update && apt-get upgrade -y \
    && apt-get install -y --no-install-recommends \
    build-essential=12.9 \
    cmake=3.25.1-1 \
    gcc=4:12.2.0-3 \
    g++=4:12.2.0-3 \
    python3-dev=3.11.2-1+b1 \
    git=1:2.39.5-0+deb12u3 \
    curl=7.88.1-10+deb12u14 \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* \
    && rm -rf /tmp/* \
    && rm -rf /var/tmp/*

# Pre-own /app so appuser can write to it
RUN chown -R appuser:appgroup /app

# Copy project metadata and source
COPY pyproject.toml .
COPY uv.lock .
COPY src/ ./src/

# uv environment knobs:
#   UV_COMPILE_BYTECODE  → compile .pyc files at install time for faster cold start
#   UV_LINK_MODE=copy    → copy files instead of symlinks (required in Docker layers)
#   UV_SYSTEM_PYTHON=1   → install into the system Python (no extra venv needed)
ENV UV_COMPILE_BYTECODE=1
ENV UV_LINK_MODE=copy
ENV UV_SYSTEM_PYTHON=1

# Install the project and all dependencies, respecting [tool.uv.sources]
# (git source for util-services and pytorch-cpu index for torch)
# BuildKit cache mount keeps the uv package cache across builds
RUN --mount=type=cache,target=/root/.cache/uv \
    uv sync --frozen --no-dev

ENV PYTHONPATH="/app/src"

# Make /app writable for the non-root user (e.g. spaCy model downloads)
RUN chown -R 1000:1000 /app && chmod -R u+w /app

# Provide a real home directory for appuser
RUN mkdir -p /home/appuser && chown -R 1000:1000 /home/appuser
ENV HOME=/home/appuser

USER appuser

# Sanity-check: fail the build early if the dagster CLI is missing
RUN dagster --version

EXPOSE 4000

CMD ["dagster", "code-server", "start", "-h", "0.0.0.0", "-p", "4000", "-f", "src/template_code_location/repository.py"]