# Base image is deid (NLP) GPU image
FROM ethyca/deid:2.11.2full_gpu as prod

USER root

COPY nlp/nlp.env /app/.nlp_env

ENV ACCEPT_EULA=y
ENV DEBIAN_FRONTEND=noninteractive

# disable DB and redis integration as they are not used by NLP image
ENV FIDES__DATABASE__ENABLED=false
ENV FIDES__REDIS__ENABLED=false

ARG FIDESPLUS__NLP__ACCURACY_MODE
ARG FIDESPLUS__NLP__BATCH_SIZE
ARG FIDESPLUS__NLP__MULTILINGUAL
ARG FIDESPLUS__NLP__SVC_URL

ARG FIDESPLUS__REGEX__ENABLED

ENV FIDESPLUS__NLP__ACCURACY_MODE=${FIDESPLUS__NLP__ACCURACY_MODE:-standard}
ENV FIDESPLUS__NLP__BATCH_SIZE=${FIDESPLUS__NLP__BATCH_SIZE:-16}
ENV FIDESPLUS__NLP__ENABLED=true
ENV FIDESPLUS__NLP__MULTILINGUAL=${FIDESPLUS__NLP__MULTILINGUAL:-false}
# NLP SVC URL is at 8080 on GPU image
ENV FIDESPLUS__NLP__SVC_URL=${FIDESPLUS__NLP__SVC_URL:-http://localhost:8080/deidentify_text}

ENV FIDESPLUS__REGEX__ENABLED=true

# provide placeholder values for configs to satisfy requirements.
# without them, the webserver will fail to start, and we don't want to require
# users to inject them at runtime since db and redis integration
# are disabled on this build, and therefore these are not used
ENV FIDES__SECURITY__APP_ENCRYPTION_KEY=averyveryverysecretencryptionkey
ENV FIDES__SECURITY__OAUTH_ROOT_CLIENT_ID=fidesadmin
ENV FIDES__SECURITY__OAUTH_ROOT_CLIENT_SECRET=fidesadminsecret
ENV FIDES__DATABASE__SERVER=postgres.internal
ENV FIDES__DATABASE__PORT=5432
ENV FIDES__DATABASE__USER=fides
ENV FIDES__DATABASE__PASSWORD=fidessecret
ENV FIDES__DATABASE__DB=fides
ENV FIDES__REDIS__HOST=redis.internal
ENV FIDES__REDIS__PORT=6379
ENV FIDES__REDIS__PASSWORD=fidessecret

COPY dev-requirements.txt requirements.txt ./
RUN pip install --upgrade pip  \
    && pip install --requirement requirements.txt --requirement dev-requirements.txt

COPY --chown=1001:1001 . /app

WORKDIR /app
RUN pip install --editable .
EXPOSE 8092

# Override base deid healthcheck to check fides/health endpoint
HEALTHCHECK --interval=30s --timeout=10s \
    CMD curl --fail http://localhost:8092/api/v1/plus/health || exit 1

# Use entrypoint script to invoke both NLP service as well as fidesops-plus app
# This also lets us override base deid entrypoint
ENTRYPOINT ["/app/nlp_gpu/entrypoint.sh"]
