# ═══════════════════════════════════════════════════════════════════════════════
# mimicxai — container image
# ═══════════════════════════════════════════════════════════════════════════════
#
# Multi-stage build:
#   Stage 1 (builder) — install Python deps in a clean venv
#   Stage 2 (runtime) — slim image with only runtime dependencies
#
# Build:
#   docker build -t mimicxai:latest -f deploy/Dockerfile .
#
# Run:
#   docker run -p 8000:8000 -e OLLAMA_HOST=http://host.docker.internal:11434 mimicxai:latest
#
# GPU (NVIDIA):
#   docker build --build-arg BASE_IMAGE=nvidia/cuda:12.4.1-runtime-ubuntu22.04 -t mimicxai:gpu .
#   docker run --gpus all -p 8000:8000 mimicxai:gpu
#
# ═══════════════════════════════════════════════════════════════════════════════

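# Base image shared by both stages; overridable with --build-arg BASE_IMAGE=...
# NOTE(review): the default is a floating tag, so a rebuild can silently pick up
# a different base. For reproducible builds pin it by digest, e.g.
#   python:3.12-slim@sha256:<digest-placeholder>
# Any override must ship python3 with the venv module and pip, because the
# builder stage invokes them directly — verify this for GPU base images.
ARG BASE_IMAGE=python:3.12-slim

# ── Stage 1: Builder ─────────────────────────────────────────────────────────

FROM ${BASE_IMAGE} AS builder

WORKDIR /build

# System build deps (toolchain and headers for wheels compiled from source).
# They are installed in this stage only; the runtime stage starts from a fresh
# base and copies just /opt/venv and /build.
RUN apt-get update -qq && apt-get install -y -qq --no-install-recommends \
        build-essential \
        cmake \
        libffi-dev \
        libssl-dev \
        pkg-config \
    && rm -rf /var/lib/apt/lists/*

# Create venv
RUN python3 -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
# --no-cache-dir matches the other pip calls and keeps pip's download cache out
# of the layer.
RUN pip install --no-cache-dir --upgrade pip wheel setuptools

# Install Python dependencies first (cache layer)
# NOTE(review): these are lower bounds only, so every rebuild may resolve to
# different releases and nothing is hash-checked. A lock/constraints file with
# pinned versions (and pip's --require-hashes) would make the dependency set
# reproducible and auditable. The list is also maintained by hand next to
# pyproject.toml — confirm the two stay in sync.
COPY pyproject.toml ./
RUN pip install --no-cache-dir \
    "cryptography>=42.0" \
    "numpy>=1.26" \
    "pydantic>=2.0" \
    "sqlalchemy>=2.0" \
    "typer>=0.12" \
    "rich>=13.0" \
    "keyring>=25.0" \
    "pyjwt>=2.8" \
    "tomli-w>=1.0" \
    "fastapi>=0.110" \
    "uvicorn>=0.29" \
    "httpx>=0.27" \
    "scikit-learn>=1.4" \
    "pillow>=10.0"

# Copy source and install
# Everything in the build context lands in /build, and the runtime stage copies
# /build wholesale into the final image. A .dockerignore that excludes .git,
# .env files, local credentials and virtualenvs is what keeps them out of the
# shipped image (not visible from this file — confirm it exists).
COPY . .
# Regular (non-editable) install: an editable install records the absolute
# source path /build inside the venv, and that path does not exist in the
# runtime stage, which only receives /opt/venv and a copy of the tree at /app.
RUN pip install --no-cache-dir ".[serve]"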

# ── Stage 2: Runtime ─────────────────────────────────────────────────────────

FROM ${BASE_IMAGE} AS runtime

LABEL maintainer="mimicxai" \
      app="mimicxai" \
      description="mimicxai — secure foundation model management"

# Runtime system deps: OCR, media and GL/X11 shared libraries, plus tini, which
# the ENTRYPOINT uses as init.
# NOTE(review): curl and jq are general-purpose tools; the health check shown in
# this file runs through python3, so confirm the application needs them at run
# time — dropping unused tools shrinks what is available inside the container.
RUN apt-get update -qq \
    && apt-get install -y -qq --no-install-recommends \
        curl \
        ffmpeg \
        jq \
        libgl1 \
        libglib2.0-0 \
        libsm6 \
        libxext6 \
        tesseract-ocr \
        tini \
    && rm -rf /var/lib/apt/lists/*

# Bring over the prepared virtualenv and put it first on PATH so python3, pip
# and uvicorn resolve to the venv copies.
COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH" \
    PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1

# Application source
# NOTE(review): this copies the builder's entire /build tree, i.e. the whole
# build context, into the final image. Anything not excluded by .dockerignore
# (VCS metadata, .env files, test fixtures) ships with it.
WORKDIR /app
COPY --from=builder /build /app

# Deployment script used by the HEALTHCHECK instruction
COPY deploy/healthcheck.py /app/healthcheck.py

# Data directories and the unprivileged service account, created in one step.
# The account gets no login shell, /app as its home, and ownership of both the
# application tree and the data root.
# NOTE(review): --system allocates the UID/GID from the system range rather
# than fixing them; orchestrators that enforce "run as non-root" by numeric ID
# cannot verify a named USER, so a fixed numeric UID may be worth adopting.
# NOTE(review): the recursive chown also makes the application code under /app
# writable by the service account. If the process only needs to write below
# /var/lib/mimicxai, leaving /app owned by root would narrow what a compromised
# process can modify — confirm what the app writes under its home directory.
RUN mkdir -p \
        /var/lib/mimicxai/models \
        /var/lib/mimicxai/data \
        /var/lib/mimicxai/logs \
        /var/lib/mimicxai/mindmap_data \
    && groupadd --system mimicx \
    && useradd --system --gid mimicx --home-dir /app --shell /sbin/nologin mimicx \
    && chown -R mimicx:mimicx /app /var/lib/mimicxai
USER mimicx

# Environment defaults; each one can be overridden with `docker run -e`.
#  - MIMICX_HOST=0.0.0.0 makes the server listen on every interface inside the
#    container. Which host interfaces can reach it is decided by the publish
#    flag at run time (e.g. `-p 127.0.0.1:8000:8000` keeps it on loopback).
#  - OLLAMA_HOST defaults to localhost, which inside a container is the
#    container itself; the run example in the file header overrides it.
ENV MIMICX_HOST=0.0.0.0 \
    MIMICX_PORT=8000 \
    MIMICX_WORKERS=4 \
    MIMICX_DATA_DIR=/var/lib/mimicxai \
    MIMICX_LOG_LEVEL=info \
    OLLAMA_HOST=http://localhost:11434 \
    OLLAMA_MODEL=mimicxai/darwin

# Health check: runs the bundled probe script; any failure is reported as
# exit status 1 (unhealthy).
HEALTHCHECK --interval=30s \
            --timeout=5s \
            --start-period=10s \
            --retries=3 \
    CMD python3 /app/healthcheck.py --quiet || exit 1

# Resolved at build time from the ENV default above; overriding MIMICX_PORT at
# run time changes the listening port but not this metadata.
EXPOSE ${MIMICX_PORT}

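# Use tini as init system: it runs as PID 1, forwards signals to its child and
# reaps zombie processes.
ENTRYPOINT ["tini", "--"]

# Start API server
# A shell is needed because exec-form CMD does no variable expansion; the
# MIMICX_* values are read from the environment when the container starts.
#  - `exec` replaces the shell with uvicorn, so the signal tini forwards on
#    `docker stop` reaches the server directly instead of an intermediate sh.
#  - Each expansion is quoted so a value containing spaces or glob characters
#    is passed as exactly one argument and cannot smuggle extra uvicorn options.
CMD ["sh", "-c", \
    "exec uvicorn mimicxai.serving.app:app \
        --host \"${MIMICX_HOST}\" \
        --port \"${MIMICX_PORT}\" \
        --workers \"${MIMICX_WORKERS}\" \
        --log-level \"${MIMICX_LOG_LEVEL}\" \
        --access-log"]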
