# Multi-stage build for engrami-api
# Stage 1: builder installs deps and the package
# Stage 2: slim runtime with just what's needed

# Build stage: compiles and installs the package into /opt/venv, which is the
# only artifact the runtime stage copies out. Nothing else from this stage
# (compiler, git, source tree) reaches the final image.
# NOTE(review): python:3.12-slim is a mutable tag. For reproducible builds,
# pin it by digest, e.g. python:3.12-slim@sha256:<DIGEST_PLACEHOLDER>.
FROM python:3.12-slim AS builder

# Build-time interpreter and pip settings: no pip download cache, no pip
# self-update check, no .pyc writing, unbuffered output in build logs.
ENV PIP_DISABLE_PIP_VERSION_CHECK=1 \
    PIP_NO_CACHE_DIR=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1

WORKDIR /build

# Toolchain for sentence-transformers (torch wheels) and blake3.
# The apt package index is removed in the same layer that fetched it.
RUN apt-get update \
    && apt-get install -y --no-install-recommends build-essential git \
    && rm -rf /var/lib/apt/lists/*

# Only the inputs `pip install .` needs: project metadata, README, package source.
COPY pyproject.toml README.md ./
COPY engrami ./engrami

# Dedicated virtualenv so the whole install can be copied as one directory.
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

# Refresh the packaging tools inside the venv, then install the project.
# NOTE(review): pip/wheel/setuptools and the project dependencies are resolved
# unpinned at build time. A constraints or lock file with hashes would make
# this step reproducible and auditable.
RUN pip install --upgrade pip wheel setuptools \
    && pip install .

# ----------------------------------------------------------------------

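# Runtime stage: slim base plus the prebuilt virtualenv from the builder stage.
# No compiler, git or source tree is carried over.
# NOTE(review): python:3.12-slim is a mutable tag. For reproducible builds,
# pin it by digest, e.g. python:3.12-slim@sha256:<DIGEST_PLACEHOLDER>.
FROM python:3.12-slim AS runtime

# PATH puts the copied venv first so `engrami-api` resolves from /opt/venv/bin.
# ENGRAMI_STORAGE_DATA_DIR points at the data directory created below.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PATH="/opt/venv/bin:$PATH" \
    ENGRAMI_STORAGE_DATA_DIR=/var/lib/engrami

# Runtime deps only. curl is used by the HEALTHCHECK below; libgomp1 is the
# GNU OpenMP runtime (presumably required by the torch wheels; confirm).
RUN apt-get update && apt-get install -y --no-install-recommends \
    curl \
    libgomp1 \
    && rm -rf /var/lib/apt/lists/*

# Unprivileged service account.
# - The UID is pinned so that ownership of mounted volumes stays stable across
#   rebuilds. 1000 is expected to be the ID the previous unpinned useradd
#   received on this base image; verify against existing data volumes.
# - The shell is nologin because this account only runs the service, so it
#   needs no interactive login shell.
# - The home directory is kept because WORKDIR below points at it.
RUN useradd --create-home --uid 1000 --user-group --shell /usr/sbin/nologin engrami && \
    mkdir -p /var/lib/engrami && \
    chown -R engrami:engrami /var/lib/engrami

# Copied without --chown on purpose: the venv stays root-owned, so the
# unprivileged service user can execute the installed code but not modify it.
COPY --from=builder /opt/venv /opt/venv

# Numeric UID:GID (the engrami account created above) so orchestrators that
# enforce "run as non-root" can verify it from the image metadata alone.
USER 1000:1000
WORKDIR /home/engrami

# Documentation only; publishing the port is up to the operator.
EXPOSE 8000

# Cheap liveness probe against the API's own health endpoint. -f makes curl
# exit non-zero on HTTP error responses.
HEALTHCHECK --interval=15s --timeout=5s --start-period=30s --retries=3 \
    CMD curl -fsS http://localhost:8000/healthz || exit 1

# Exec form: the API process is PID 1 and receives stop signals directly.
CMD ["engrami-api"]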
