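# MineNASAI Dockerfile
# Multi-stage build: dependencies are compiled and installed in a builder
# stage, and only the resulting virtualenv is shipped in the runtime stage.

# Single source of truth for the base image used by BOTH stages. The venv
# created in the builder is copied as-is into the runtime stage, so the two
# stages have to be built from the same Python image.
# The default keeps the original tag. For reproducible builds, pass a
# digest-pinned reference instead, e.g.
#   docker build --build-arg PYTHON_IMAGE=python:3.13-slim@sha256:<digest> .
ARG PYTHON_IMAGE=python:3.13-slim

# ==================== Build stage ====================
FROM ${PYTHON_IMAGE} AS builder

# Python/pip behaviour during the build:
#   PYTHONDONTWRITEBYTECODE       - do not write .pyc files
#   PYTHONUNBUFFERED              - unbuffered stdout/stderr
#   PIP_NO_CACHE_DIR              - keep pip's download cache out of the layer
#   PIP_DISABLE_PIP_VERSION_CHECK - skip pip's self-update check
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1

WORKDIR /app

# Build-time dependencies (compiler toolchain). These stay in the builder
# stage and never reach the runtime image.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
    && rm -rf /var/lib/apt/lists/*

# Project metadata and sources needed by `pip install .`
COPY pyproject.toml ./
COPY src/ ./src/

# Install the project and its dependencies into an isolated virtualenv so the
# runtime stage can take it over with a single COPY.
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
# NOTE(review): pip itself and the project dependencies are resolved at build
# time; no lock or constraints file is visible in this Dockerfile, so two
# builds may pick up different versions.
RUN pip install --upgrade pip && \
    pip install .

# ==================== Runtime stage ====================
FROM ${PYTHON_IMAGE} AS runtime

# Dedicated unprivileged account (fixed UID/GID 1000) for running the service.
RUN groupadd --gid 1000 minenasai && \
    useradd --uid 1000 --gid minenasai --shell /bin/bash --create-home minenasai

# Runtime environment; the virtualenv comes first on PATH.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PATH="/opt/venv/bin:$PATH" \
    MINENASAI_ENV=production

WORKDIR /app

# Runtime OS packages. curl is used by the HEALTHCHECK below; what needs
# openssh-client is not visible in this file.
RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        openssh-client \
    && rm -rf /var/lib/apt/lists/*

# Virtualenv from the build stage. No --chown here, so it stays owned by root
# and the runtime user cannot modify the installed packages.
COPY --from=builder /opt/venv /opt/venv

# Application sources and configuration.
# NOTE(review): both trees are owned by the runtime user, so the service
# process can rewrite them. If the application does not need to write to
# src/ or config/ at runtime, drop --chown and leave them root-owned.
COPY --chown=minenasai:minenasai src/ ./src/
COPY --chown=minenasai:minenasai config/ ./config/

# Writable data and log directories for the runtime user.
RUN mkdir -p /app/data /app/logs && \
    chown -R minenasai:minenasai /app/data /app/logs

# Everything from here on, including the service itself, runs unprivileged.
USER minenasai

# Liveness probe against the gateway's HTTP endpoint on port 8000.
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8000/health/live || exit 1

# Documented ports. 8000 is the uvicorn listener started below; the consumer
# of 8080 is not visible in this file.
EXPOSE 8000 8080

# Start the gateway. It binds to all interfaces inside the container, so
# which networks can reach it is decided by how the port is published.
CMD ["python", "-m", "uvicorn", "minenasai.gateway.server:app", "--host", "0.0.0.0", "--port", "8000"]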