ARG PYTHON_VERSION=3.13
FROM python:${PYTHON_VERSION}-slim AS base

RUN apt-get update && apt-get upgrade -y && rm -rf /var/lib/apt/lists/*

COPY --from=ghcr.io/astral-sh/uv:0.10 /uv /uvx /bin/

# Create non-root user with UID 1000 to match Kubernetes securityContext
RUN groupadd -g 1000 affinity_mcp && useradd -u 1000 -g affinity_mcp affinity_mcp
USER affinity_mcp

WORKDIR /home/affinity_mcp/app

ENV UV_LINK_MODE=copy
ENV UV_HTTP_TIMEOUT=120

# Install production dependencies using BuildKit cache mounts for faster rebuilds
RUN --mount=type=cache,target=/home/affinity_mcp/.cache/uv,uid=1000,gid=1000 \
    --mount=type=bind,source=uv.lock,target=uv.lock \
    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
    uv sync \
    --no-progress \
    --frozen \
    --compile-bytecode \
    --no-group dev \
    --no-install-project

# ── test stage ────────────────────────────────────────────────────────────────
FROM base AS test

# Bypass uv-dynamic-versioning (no git in Docker build context)
ARG APP_VERSION=0.0.0.dev0
ENV UV_DYNAMIC_VERSIONING_BYPASS=${APP_VERSION}

# Install dev dependencies only — cacheable layer, no source needed
RUN --mount=type=cache,target=/home/affinity_mcp/.cache/uv,uid=1000,gid=1000 \
    --mount=type=bind,source=uv.lock,target=uv.lock \
    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
    uv sync \
        --no-progress \
        --frozen \
        --compile-bytecode \
        --no-install-project

COPY --chown=affinity_mcp:affinity_mcp pyproject.toml uv.lock README.md LICENSE ./
COPY --chown=affinity_mcp:affinity_mcp .env.test ./
COPY --chown=affinity_mcp:affinity_mcp src/ ./src/
COPY --chown=affinity_mcp:affinity_mcp tests/ ./tests/

# Install the project itself (editable, fast — deps already cached above)
RUN --mount=type=cache,target=/home/affinity_mcp/.cache/uv,uid=1000,gid=1000 \
    uv sync \
        --no-progress \
        --frozen \
        --compile-bytecode

ENV PATH="/home/affinity_mcp/app/.venv/bin:$PATH"
ENV UV_NO_SYNC=true

CMD ["pytest", "tests"]

# ── production stage ───────────────────────────────────────────────────────────
FROM base AS production

# Required: pass --build-arg APP_VERSION=x.y.z to set the app version for uv-dynamic-versioning
ARG APP_VERSION
ENV UV_DYNAMIC_VERSIONING_BYPASS=${APP_VERSION}

# Copy source code
COPY --chown=affinity_mcp:affinity_mcp pyproject.toml uv.lock README.md LICENSE ./
COPY --chown=affinity_mcp:affinity_mcp src/ ./src/

# Install the project itself
RUN --mount=type=cache,target=/home/affinity_mcp/.cache/uv,uid=1000,gid=1000 \
    uv sync \
    --no-progress \
    --frozen \
    --compile-bytecode \
    --no-editable \
    --no-group dev \
    --group hosted

ENV PATH="/home/affinity_mcp/app/.venv/bin:$PATH"

# Prevent uv run from modifying the environment at runtime
ENV UV_NO_SYNC=true
ENV UV_NO_DEV=true

EXPOSE 8000

CMD ["uvicorn", "affinity_mcp.server:create_http_app", "--factory", "--host", "0.0.0.0", "--port", "8000", "--no-access-log"]

# ── dev stage ───────────────────────────────────────────────────────────
FROM production AS dev
COPY --chown=affinity_mcp:affinity_mcp .env.dev ./.env
