# Morphism Categorical Governance Framework
# Single-stage build: Python 3.11 + Node.js 22 for governance validation and CI
# Base image: slim Python 3.11.
# NOTE(review): the tag is mutable. Pinning it by digest
# (python:3.11-slim@sha256:<DIGEST_PLACEHOLDER>) would make rebuilds reproducible
# and prevent a re-pushed tag from silently changing the image contents.
FROM python:3.11-slim

# OS-level tooling: compiler toolchain, curl (used further down to fetch the
# NodeSource key) and git. Because this is a single-stage build, all three stay
# in the final image. The apt package lists are removed in the same layer so
# they do not persist.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        build-essential \
        curl \
        git \
    && rm -rf /var/lib/apt/lists/*

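# Node.js 22 LTS from the NodeSource apt repository.
# signed-by restricts this repository to the NodeSource keyring, so apt checks its
# packages against that key only. The key itself is downloaded over HTTPS and
# trusted as received; its fingerprint is not compared with a known value.
# NOTE(review): for a stronger guarantee, check the downloaded key against a
# fingerprint or checksum recorded out of band before installing it into
# /usr/share/keyrings.
# The key is saved to a file instead of being piped into gpg: the default RUN
# shell does not enable pipefail, so a failed download inside a pipeline would
# not stop the && chain on its own.
RUN apt-get update && apt-get install -y --no-install-recommends gnupg \
    && curl -fsSL -o /tmp/nodesource-repo.gpg.key \
       https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
    && gpg --dearmor -o /usr/share/keyrings/nodesource.gpg /tmp/nodesource-repo.gpg.key \
    && rm -f /tmp/nodesource-repo.gpg.key \
    && echo "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_22.x nodistro main" \
       > /etc/apt/sources.list.d/nodesource.list \
    && apt-get update && apt-get install -y --no-install-recommends nodejs \
    && rm -rf /var/lib/apt/lists/*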

# Everything lives under /app; relative COPY destinations resolve against it.
WORKDIR /app

# Python dependencies.
# src/ must be present because the project is installed in editable mode, so
# this layer is rebuilt whenever pyproject.toml, README.md or anything under
# src/ changes.
# NOTE(review): the "dev" extra is resolved against the package index at build
# time. pyproject.toml is not visible here; if it does not pin versions, two
# builds of the same commit can install different packages. Confirm.
COPY pyproject.toml README.md ./
COPY src/ ./src/
RUN pip install --no-cache-dir --timeout=300 --editable ".[dev]"

# Node dependencies.
# npm ci installs from package-lock.json rather than re-resolving versions, and
# --ignore-scripts keeps package lifecycle scripts (preinstall/install/postinstall)
# from executing during the build.
# packages/ and apps/ are copied before the install, presumably because they are
# workspaces whose manifests npm ci needs (confirm against package.json). Any
# change under them rebuilds this layer.
COPY package.json package-lock.json turbo.json ./
COPY packages/ ./packages/
COPY apps/ ./apps/
RUN npm ci --ignore-scripts

# Governance and project files, copied last so that edits to them do not
# invalidate the dependency layers.
COPY scripts/ ./scripts/
COPY tests/ ./tests/
COPY docs/ ./docs/
COPY .morphism/ ./.morphism/
# README.md is also copied earlier, alongside pyproject.toml; repeating it here is harmless.
COPY AGENTS.md SSOT.md GUIDELINES.md README.md ./

# PYTHONPATH makes /app/src importable; PYTHONUNBUFFERED=1 makes Python write
# its output unbuffered, so log lines are not held back in a buffer.
ENV PYTHONPATH=/app/src \
    PYTHONUNBUFFERED=1

# NOTE(review): no USER instruction is set, so the container process runs as the
# base image's default user (root unless the base image changes it). If the
# verification scripts do not need root, create an unprivileged user, give it
# ownership of the paths it writes to, and switch to it before ENTRYPOINT.

# Exec form: python is started directly (no /bin/sh wrapper) and receives signals
# itself. CMD supplies the default script and can be replaced at `docker run`.
ENTRYPOINT ["python"]
CMD ["scripts/verify_pipeline.py"]
