# See https://testdriven.io/blog/docker-best-practices/ for recommendations
# on writing dockerfiles for python projects.

# We use a build stage to build a wheel which we then copy and install
# in the second stage to minimize image size. This is mostly needed
# because setuptools_scm needs the full version info from git and git
# itself but including that in the final image would bloat its size.

# we are using the official python image with just a version tag here
# it comes with many tools needed to build and compile python packages
# which increases it's size but is helpful for building
FROM  harbor.cta-observatory.org/proxy_cache/python:3.12 AS builder
SHELL ["/bin/bash", "-c"]

WORKDIR /repo

ARG SETUPTOOLS_SCM_PRETEND_VERSION_FOR_CTAO_QUALPIPE_WEBAPP=0.0.0
ENV SETUPTOOLS_SCM_PRETEND_VERSION_FOR_CTAO_QUALPIPE_WEBAPP=$SETUPTOOLS_SCM_PRETEND_VERSION_FOR_CTAO_QUALPIPE_WEBAPP

# Add requirements to build dependency wheels
ARG REQUIREMENTS=src/qualpipe_webapp/backend/requirements.txt
COPY ${REQUIREMENTS} /repo/${REQUIREMENTS}
# Copy source to run codegen during build
COPY . /repo/

# build the application wheel and dependency wheels
# hadolint ignore=DL3008
RUN apt-get update && apt-get install -y --no-install-recommends git \
    && git config --global submodule.aiv-toolkit.update none \
    && python -m pip wheel --no-cache-dir --wheel-dir ./dist -r ${REQUIREMENTS} \
    && python -m pip install --no-cache-dir --no-index --find-links ./dist -r ${REQUIREMENTS} \
    && python -m pip install --no-cache-dir --no-deps /repo/ \
    && rm -rf /var/lib/apt/lists/*


# second stage, copy and install wheel
# We are using the official python 3.12 image
# as base image in the slim variant to reduce image size.
FROM  harbor.cta-observatory.org/proxy_cache/python:3.12-slim
COPY --from=builder /repo/dist /tmp/dist

# Install all wheels (application and dependencies)
# Since the builder stage already resolved and built all dependencies (including from git),
# we can use --no-deps to install all wheels and prevent pip from parsing git URLs in package metadata.
RUN python -m pip install --no-cache-dir --no-deps /tmp/dist/*.whl \
    && rm -rf /tmp/dist \
    && addgroup --system ctao \
    && adduser --system --group ctao

# Set numba cache dir to a writeable location for the ctao user
ENV NUMBA_CACHE_DIR=/tmp/numba_cache

USER ctao

WORKDIR /app
# Copy application code (including pre-generated models from CI artifacts)
COPY --chown=root:root --chmod=755 src/qualpipe_webapp/backend /app/backend/
COPY --from=builder --chown=root:root --chmod=755 /repo/src/qualpipe_webapp/backend/generated /app/backend/generated

ENV PORT=8000
CMD ["sh", "-c", "python -m uvicorn backend.main:app --host 0.0.0.0 --port $PORT --reload"]
