# syntax=docker/dockerfile:1.6
#
# This Dockerfile is used to build the OGX container image.
# Supports multi-architecture builds: linux/amd64, linux/arm64, and more
#
# Single-architecture build example:
# docker build \
#   -f containers/Containerfile \
#   --build-arg DISTRO_NAME=starter \
#   --tag ogx:starter .
#
# Multi-arch build and push example (creates a container index / manifest list):
# docker buildx build --platform linux/amd64,linux/arm64 \
#   --push \
#   -f containers/Containerfile \
#   --build-arg DISTRO_NAME=starter \
#   --tag docker.io/ogxai/distribution-starter:latest .

ARG BASE_IMAGE=python:3.12-slim
# Buildx automatically handles platform selection for the base image when --platform is specified
FROM ${BASE_IMAGE}

ARG INSTALL_MODE="pypi"
ARG OGX_DIR="/workspace"
ARG OGX_CLIENT_DIR=""
ARG PYPI_VERSION=""
ARG TEST_PYPI_VERSION=""
ARG KEEP_WORKSPACE=""
ARG DISTRO_NAME="starter"
# PyPI package to install (e.g. "ogx", or "llama-stack" for pre-rename releases).
ARG PACKAGE_NAME="ogx"
# CLI binary the package provides (e.g. "ogx", or "llama" for llama-stack).
ARG CLI_NAME="ogx"
# Tolerate failures of the OpenTelemetry per-library bootstrap. Used when
# backfilling older releases whose pinned deps conflict with the latest
# auto-instrumentation packages. The default ("") keeps the bootstrap strict.
ARG OTEL_BEST_EFFORT=""
ARG RUN_CONFIG_PATH=""
ARG UV_HTTP_TIMEOUT=500
ARG UV_EXTRA_INDEX_URL=""
ARG UV_INDEX_STRATEGY=""
ARG PIP_CONSTRAINT_FILE=""
ENV UV_HTTP_TIMEOUT=${UV_HTTP_TIMEOUT}
ENV PYTHONDONTWRITEBYTECODE=1
ENV PIP_DISABLE_PIP_VERSION_CHECK=1
WORKDIR /app

RUN set -eux; \
    if command -v dnf >/dev/null 2>&1; then \
        dnf -y update && \
        dnf install -y iputils git net-tools wget \
            vim-minimal python3.12 python3.12-pip python3.12-wheel \
            python3.12-setuptools python3.12-devel gcc gcc-c++ make && \
        ln -sf /usr/bin/pip3.12 /usr/local/bin/pip && \
        ln -sf /usr/bin/python3.12 /usr/local/bin/python && \
        dnf clean all; \
    elif command -v apt-get >/dev/null 2>&1; then \
        apt-get update && \
        apt-get install -y --no-install-recommends \
            iputils-ping net-tools iproute2 dnsutils telnet \
            curl wget git procps psmisc lsof traceroute bubblewrap \
            gcc g++ && \
        rm -rf /var/lib/apt/lists/*; \
    else \
        echo "Unsupported base image: expected dnf or apt-get" >&2; \
        exit 1; \
    fi

RUN pip install --no-cache uv
ENV UV_SYSTEM_PYTHON=1

ENV INSTALL_MODE=${INSTALL_MODE}
ENV OGX_DIR=${OGX_DIR}
ENV OGX_CLIENT_DIR=${OGX_CLIENT_DIR}
ENV PYPI_VERSION=${PYPI_VERSION}
ENV TEST_PYPI_VERSION=${TEST_PYPI_VERSION}
ENV KEEP_WORKSPACE=${KEEP_WORKSPACE}
ENV DISTRO_NAME=${DISTRO_NAME}
ENV PACKAGE_NAME=${PACKAGE_NAME}
ENV CLI_NAME=${CLI_NAME}
ENV RUN_CONFIG_PATH=${RUN_CONFIG_PATH}

# Copy the repository so editable installs and run configurations are available.
COPY . /workspace

# Install the client package if it is provided
# NOTE: this is installed before ogx since ogx depends on ogx-client-python
# Unset UV index env vars to ensure we only use PyPI for the client
RUN set -eux; \
    unset UV_EXTRA_INDEX_URL UV_INDEX_STRATEGY; \
    if [ -n "$OGX_CLIENT_DIR" ]; then \
        if [ ! -d "$OGX_CLIENT_DIR" ]; then \
            echo "OGX_CLIENT_DIR is set but $OGX_CLIENT_DIR does not exist" >&2; \
            exit 1; \
        fi; \
        uv pip install --no-cache -e "$OGX_CLIENT_DIR"; \
    fi;

# Install ogx
# Use UV_EXTRA_INDEX_URL inline only for editable install with RC dependencies
# When a version is pinned, also pin the matching API package. The meta package
# depends on "<package>-api" without a version constraint, so an unpinned install
# would resolve to the latest API package, which is incompatible with older
# meta-package releases (e.g. llama-stack 0.5.2 + llama-stack-api 0.7.x).
# The API package is installed first and best-effort: very old releases
# (e.g. llama-stack < 0.4.0) bundled the API in the meta package and have no
# separate "<package>-api" distribution, so a missing pin is not an error.
RUN set -eux; \
    SAVED_UV_EXTRA_INDEX_URL="${UV_EXTRA_INDEX_URL:-}"; \
    SAVED_UV_INDEX_STRATEGY="${UV_INDEX_STRATEGY:-}"; \
    unset UV_EXTRA_INDEX_URL UV_INDEX_STRATEGY; \
    if [ "$INSTALL_MODE" = "editable" ]; then \
        if [ ! -d "$OGX_DIR" ]; then \
            echo "INSTALL_MODE=editable requires OGX_DIR to point to a directory inside the build context" >&2; \
            exit 1; \
        fi; \
        if [ -n "$SAVED_UV_EXTRA_INDEX_URL" ] && [ -n "$SAVED_UV_INDEX_STRATEGY" ]; then \
            UV_EXTRA_INDEX_URL="$SAVED_UV_EXTRA_INDEX_URL" UV_INDEX_STRATEGY="$SAVED_UV_INDEX_STRATEGY" \
                uv pip install --no-cache -e "$OGX_DIR"; \
        else \
            uv pip install --no-cache -e "$OGX_DIR"; \
        fi; \
    elif [ "$INSTALL_MODE" = "test-pypi" ]; then \
        uv pip install --no-cache fastapi libcst; \
        if [ -n "$TEST_PYPI_VERSION" ]; then \
            if ! uv pip install --no-cache --extra-index-url https://test.pypi.org/simple/ --index-strategy unsafe-best-match "${PACKAGE_NAME}-api==$TEST_PYPI_VERSION"; then \
                echo "No ${PACKAGE_NAME}-api==$TEST_PYPI_VERSION found; assuming the API is bundled in ${PACKAGE_NAME}"; \
            fi; \
            uv pip install --no-cache --extra-index-url https://test.pypi.org/simple/ --index-strategy unsafe-best-match "${PACKAGE_NAME}==$TEST_PYPI_VERSION"; \
        else \
            uv pip install --no-cache --extra-index-url https://test.pypi.org/simple/ --index-strategy unsafe-best-match "$PACKAGE_NAME"; \
        fi; \
    else \
        if [ -n "$PYPI_VERSION" ]; then \
            if ! uv pip install --no-cache "${PACKAGE_NAME}-api==$PYPI_VERSION"; then \
                echo "No ${PACKAGE_NAME}-api==$PYPI_VERSION found; assuming the API is bundled in ${PACKAGE_NAME}"; \
            fi; \
            uv pip install --no-cache "${PACKAGE_NAME}==$PYPI_VERSION"; \
        else \
            uv pip install --no-cache "$PACKAGE_NAME"; \
        fi; \
    fi;

# Install the dependencies for the distribution
# Explicitly unset UV index env vars to ensure we only use PyPI for distribution deps
RUN set -eux; \
    unset UV_EXTRA_INDEX_URL UV_INDEX_STRATEGY; \
    if [ -n "$PIP_CONSTRAINT_FILE" ] && [ -f "$PIP_CONSTRAINT_FILE" ]; then \
        export UV_CONSTRAINT="$PIP_CONSTRAINT_FILE"; \
    fi; \
    if [ -z "$DISTRO_NAME" ]; then \
        echo "DISTRO_NAME must be provided" >&2; \
        exit 1; \
    fi; \
    deps="$("$CLI_NAME" stack list-deps "$DISTRO_NAME")"; \
    if [ -n "$deps" ]; then \
        printf '%s\n' "$deps" | xargs -L1 uv pip install --no-cache; \
    fi

# Install OpenTelemetry auto-instrumentation support.
# The base distro/exporter install is required. The per-library bootstrap
# (opentelemetry-bootstrap -a install) selects the latest instrumentation
# packages, which can conflict with the pinned dependencies of older releases
# being backfilled. With OTEL_BEST_EFFORT=1 a bootstrap failure is logged and
# tolerated instead of failing the build.
RUN set -eux; \
    pip install --no-cache opentelemetry-distro opentelemetry-exporter-otlp; \
    if ! opentelemetry-bootstrap -a install; then \
        if [ "$OTEL_BEST_EFFORT" = "1" ]; then \
            echo "opentelemetry-bootstrap failed; continuing without full auto-instrumentation (OTEL_BEST_EFFORT=1)" >&2; \
        else \
            echo "opentelemetry-bootstrap failed" >&2; \
            exit 1; \
        fi; \
    fi

# Pre-cache tiktoken cl100k_base encoding at build time so the server never
# attempts a runtime download to openaipublic.blob.core.windows.net.
# This is required for air-gapped / disconnected-cluster deployments (e.g. RHOAI).
ENV TIKTOKEN_CACHE_DIR="/.cache/tiktoken"
RUN pip install --no-cache tiktoken && \
    mkdir -p /.cache/tiktoken && \
    python -c "import tiktoken; tiktoken.get_encoding('cl100k_base')"

# Cleanup
RUN set -eux; \
    pip uninstall -y uv; \
    should_remove=1; \
    if [ -n "$KEEP_WORKSPACE" ]; then should_remove=0; fi; \
    if [ "$INSTALL_MODE" = "editable" ]; then should_remove=0; fi; \
    case "$RUN_CONFIG_PATH" in \
        /workspace*) should_remove=0 ;; \
    esac; \
    if [ "$should_remove" -eq 1 ] && [ -d /workspace ]; then rm -rf /workspace; fi

RUN cat <<'EOF' >/usr/local/bin/ogx-entrypoint.sh
#!/bin/sh
set -e

# Enable OpenTelemetry auto-instrumentation if any OTEL_* variable is set
CMD_PREFIX=""
if env | grep -q '^OTEL_'; then
  CMD_PREFIX="opentelemetry-instrument"
  # Disable low-level DB driver instrumentation to prevent duplicate spans
  # when SQLAlchemy ORM instrumentation is also active (known OTel issue).
  export OTEL_PYTHON_DISABLED_INSTRUMENTATIONS="${OTEL_PYTHON_DISABLED_INSTRUMENTATIONS:+$OTEL_PYTHON_DISABLED_INSTRUMENTATIONS,}asyncpg,sqlite3"
fi

CLI_NAME="${CLI_NAME:-ogx}"

if [ -n "$RUN_CONFIG_PATH" ] && [ -f "$RUN_CONFIG_PATH" ]; then
  exec $CMD_PREFIX "$CLI_NAME" stack run "$RUN_CONFIG_PATH" "$@"
fi

if [ -n "$DISTRO_NAME" ]; then
  exec $CMD_PREFIX "$CLI_NAME" stack run "$DISTRO_NAME" "$@"
fi

exec $CMD_PREFIX "$CLI_NAME" stack run "$@"
EOF
RUN chmod +x /usr/local/bin/ogx-entrypoint.sh

RUN mkdir -p "/.${CLI_NAME}" /.cache && chmod -R g+rw /app "/.${CLI_NAME}" /.cache

ENTRYPOINT ["/usr/local/bin/ogx-entrypoint.sh"]
