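# Python minor version of the base image; override with
# --build-arg PYTHON_VERSION=x.y.
ARG PYTHON_VERSION=3.13
# NOTE(review): this tag is mutable, so two builds can resolve to different
# base images. For reproducible production builds, pin the image by digest
# (python:<tag>@sha256:<digest>) and bump the digest deliberately.
FROM python:${PYTHON_VERSION}-slim

# Apply pending OS package updates on top of the base image. The apt lists are
# removed in the same layer so they do not persist in the image.
# NOTE(review): the result depends on the mirror state at build time, so this
# layer is not reproducible; refreshing the base image is the alternative.
RUN apt-get update && apt-get upgrade -y && rm -rf /var/lib/apt/lists/*

# Take the uv and uvx binaries from the upstream uv image.
# NOTE(review): "0.10" is a floating tag on a third-party registry; pin a full
# version or a digest (uv:<version>@sha256:<digest>) so the binary that ends up
# in the image cannot change silently between builds.
COPY --from=ghcr.io/astral-sh/uv:0.10 /uv /uvx /bin/

# Create non-root user with UID/GID 1000 to match Kubernetes securityContext
RUN groupadd -g 1000 affinity_mcp && useradd -u 1000 -g affinity_mcp affinity_mcp
# Numeric UID:GID of the affinity_mcp account created above. Kubernetes can
# only verify `runAsNonRoot` against a numeric image user; a user name is
# rejected unless the pod also sets runAsUser.
USER 1000:1000

WORKDIR /home/affinity_mcp/app

# UV_LINK_MODE=copy: the uv cache is a BuildKit cache mount, so packages are
# copied into the virtualenv instead of linked from the cache.
# UV_HTTP_TIMEOUT: timeout in seconds for uv's HTTP requests.
ENV UV_LINK_MODE=copy \
    UV_HTTP_TIMEOUT=120

# Required: pass --build-arg APP_VERSION=x.y.z to set the app version for uv-dynamic-versioning
# NOTE(review): nothing here enforces the build arg; when it is omitted the
# variable below is set to an empty string. Confirm how the build backend
# handles that case.
ARG APP_VERSION
ENV UV_DYNAMIC_VERSIONING_BYPASS=${APP_VERSION}

# Install dependencies using BuildKit cache mounts for faster rebuilds.
# Only uv.lock and pyproject.toml are bind-mounted, so this layer is reused
# until one of them changes. --frozen installs exactly what uv.lock records,
# --no-group dev leaves the dev dependency group out, and --no-install-project
# skips the project itself (its source is copied later).
RUN --mount=type=cache,target=/home/affinity_mcp/.cache/uv,uid=1000,gid=1000 \
    --mount=type=bind,source=uv.lock,target=uv.lock \
    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
    uv sync \
        --no-progress \
        --frozen \
        --compile-bytecode \
        --no-group dev \
        --no-install-project

# Copy project metadata and source code, owned by the runtime user
COPY --chown=affinity_mcp:affinity_mcp pyproject.toml uv.lock README.md LICENSE ./
COPY --chown=affinity_mcp:affinity_mcp src/ ./src/

# Install the project itself as a regular (non-editable) package in the venv
RUN --mount=type=cache,target=/home/affinity_mcp/.cache/uv,uid=1000,gid=1000 \
    uv sync \
        --no-progress \
        --frozen \
        --compile-bytecode \
        --no-editable \
        --no-group dev

# Put the virtualenv's executables first on PATH so CMD resolves from it
ENV PATH="/home/affinity_mcp/app/.venv/bin:$PATH"

# Prevent uv run from modifying the environment at runtime
ENV UV_NO_SYNC=true \
    UV_NO_DEV=true

# MCP server configuration for HTTP mode.
# MCP_HOST=0.0.0.0 makes the server listen on every interface of the container.
# NOTE(review): nothing in this file configures authentication or TLS for the
# HTTP transport; confirm the service is only reachable through an
# authenticated ingress or a restrictive network policy.
ENV MCP_TRANSPORT=streamable-http \
    MCP_HOST=0.0.0.0

# Documentation only (does not publish the port); presumably the port the
# server listens on in HTTP mode - confirm against the application config.
EXPOSE 8000

# Exec form: the server runs as PID 1 and receives SIGTERM directly
CMD ["affinity-mcp"]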
