FROM public.ecr.aws/amazonlinux/amazonlinux:2023 AS uv

RUN dnf install -y shadow-utils python3 python3-devel gcc nodejs npm && \
    dnf clean all

# Install AWS CDK CLI (required for cdk synth / cdk deploy)
RUN npm install -g aws-cdk

WORKDIR /app

ENV UV_COMPILE_BYTECODE=1
ENV UV_LINK_MODE=copy
ENV UV_PYTHON_PREFERENCE=only-managed
ENV UV_FROZEN=true

COPY pyproject.toml ./

ENV PIP_NO_CACHE_DIR=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1

RUN python3 -m ensurepip && \
    python3 -m pip install uv --no-cache-dir && \
    uv sync --python 3.13 --frozen --no-install-project --no-dev --no-editable

COPY . /app
RUN uv sync --python 3.13 --frozen --no-dev --no-editable

RUN mkdir -p /root/.local

FROM public.ecr.aws/amazonlinux/amazonlinux:2023

ENV PATH="/app/.venv/bin:$PATH:/usr/sbin" \
    PYTHONUNBUFFERED=1

RUN dnf install -y shadow-utils procps nodejs npm && \
    dnf clean all && \
    npm install -g aws-cdk && \
    groupadd --force --system app && \
    useradd app -g app -d /app && \
    chmod o+x /root

COPY --from=uv --chown=app:app /root/.local /root/.local
COPY --from=uv --chown=app:app /app/.venv /app/.venv

USER app

ENTRYPOINT ["ict-mcp-server"]
