# Base image is deid (NLP) image
FROM ethyca/deid:2.11.2full as prod

USER root

COPY nlp/nlp.env /app/.nlp_env

# Install auxiliary software
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    git \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

ENV ACCEPT_EULA=y
ENV DEBIAN_FRONTEND=noninteractive

# disable DB and redis integration as they are not used by NLP image
ENV FIDES__DATABASE__ENABLED=false
ENV FIDES__REDIS__ENABLED=false

ARG FIDESPLUS__NLP__ACCURACY_MODE
ARG FIDESPLUS__NLP__BATCH_SIZE
ARG FIDESPLUS__NLP__MULTILINGUAL
ARG FIDESPLUS__NLP__SVC_URL

ARG FIDESPLUS__REGEX__ENABLED

ENV FIDESPLUS__NLP__ACCURACY_MODE=${FIDESPLUS__NLP__ACCURACY_MODE:-standard}
ENV FIDESPLUS__NLP__BATCH_SIZE=${FIDESPLUS__NLP__BATCH_SIZE:-16}
ENV FIDESPLUS__NLP__ENABLED=true
ENV FIDESPLUS__NLP__MULTILINGUAL=${FIDESPLUS__NLP__MULTILINGUAL:-false}
ENV FIDESPLUS__NLP__SVC_URL=${FIDESPLUS__NLP__SVC_URL:-http://localhost:8081/deidentify_text}

ENV FIDESPLUS__REGEX__ENABLED=true

# provide placeholder values for configs to satisfy requirements.
# without them, the webserver will fail to start, and we don't want to require
# users to inject them at runtime since db and redis integration
# are disabled on this build, and therefore these are not used
ENV FIDES__SECURITY__APP_ENCRYPTION_KEY=averyveryverysecretencryptionkey
ENV FIDES__SECURITY__OAUTH_ROOT_CLIENT_ID=fidesadmin
ENV FIDES__SECURITY__OAUTH_ROOT_CLIENT_SECRET=fidesadminsecret
ENV FIDES__DATABASE__SERVER=postgres.internal
ENV FIDES__DATABASE__PORT=5432
ENV FIDES__DATABASE__USER=fides
ENV FIDES__DATABASE__PASSWORD=fidessecret
ENV FIDES__DATABASE__DB=fides
ENV FIDES__REDIS__HOST=redis.internal
ENV FIDES__REDIS__PORT=6379
ENV FIDES__REDIS__PASSWORD=fidessecret

COPY dev-requirements.txt requirements.txt ./
RUN pip install --upgrade pip  \
    && pip install --requirement requirements.txt --requirement dev-requirements.txt

# Install into same location as deid app so that we can easily run both server processes with CMD
COPY --chown=1000:1000 . /app
RUN chmod +x /app/nlp/entrypoint.sh

WORKDIR /app
RUN pip install --editable .
EXPOSE 8080

# Override base deid healthcheck to check fidesops/health endpoint
HEALTHCHECK --interval=30s --timeout=10s \
    CMD curl --fail http://localhost:8080/api/v1/plus/health || exit 1

# Use entrypoint script to invoke both NLP service as well as fidesops-plus app
# This also lets us override base deid entrypoint
ENTRYPOINT ["/app/nlp/entrypoint.sh"]
