FROM python:3.14-slim

ARG VERSION=0.0.0.dev0
ARG INSTALL_CUDA=false

ENV PYTHONUNBUFFERED=1
# CYBORGDB_DB_TYPE defaults to "disk" in the service config; pin the data
# directory to the volume mount point documented in DOCKER-README.md
# (otherwise the disk backend would default to ~/.cyborgdb/data inside the
# container, outside any mounted volume).
ENV CYBORGDB_DISK_PATH=/app/cyborgdb_data

RUN useradd -m -u 1000 cyborguser

WORKDIR /build
COPY . .

# Pre-install PyTorch from the appropriate index to avoid version conflicts.
# CPU builds use the CPU-only wheel; CUDA builds use cu126
RUN if [ "$INSTALL_CUDA" = "true" ]; then \
    pip install --no-cache-dir torch --index-url https://download.pytorch.org/whl/cu126; \
    else \
    pip install --no-cache-dir torch --index-url https://download.pytorch.org/whl/cpu; \
    fi

ARG CACHEBUST=1
RUN --mount=type=secret,id=PIP_INDEX_URL,env=PIP_INDEX_URL \
    SETUPTOOLS_SCM_PRETEND_VERSION=${VERSION} pip install --no-cache-dir \
    ${PIP_INDEX_URL:+--pre} \
    $(if [ "$INSTALL_CUDA" = "true" ]; then echo './cuda[embeddings,kms-aws]'; else echo '.[embeddings,kms-aws]'; fi) && \
    rm -rf /build

WORKDIR /app
RUN mkdir -p /app/cyborgdb_data && chown -R cyborguser:cyborguser /app
USER cyborguser

EXPOSE 8000

CMD ["cyborgdb-service"]