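# syntax=docker/dockerfile:1.4
# ============================================================
# Velocity-OS — core (FastAPI Backend)
# Immutable, signed, multi-stage production image.
#
# NOTE(review): nothing in this file signs the image or pins its
# inputs; signing and digest pinning have to be enforced by the
# build pipeline and registry policy.
# ============================================================

# Single source of truth for the base image of both stages.
# The tag is mutable: for a reproducible build, pin it by digest
# (python:3.11-slim@sha256:<digest>, placeholder) here or pass it
# with --build-arg PYTHON_IMAGE=...
ARG PYTHON_IMAGE=python:3.11-slim

# ── Stage 1: Dependency builder ──────────────────────────────
FROM ${PYTHON_IMAGE} AS builder

WORKDIR /build

# Install system deps required for some Python packages.
# The compiler toolchain stays in this stage and never reaches the runtime image.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        curl \
        libpq-dev \
    && rm -rf /var/lib/apt/lists/*

COPY requirements.txt .

# --user installs into /root/.local so the runtime stage can copy a single tree.
# The cache mount keeps pip's download cache on the build host, not in a layer.
# NOTE(review): if requirements.txt carries hashes, add --require-hashes so a
# tampered or substituted wheel fails the build — confirm against the lockfile.
RUN --mount=type=cache,target=/root/.cache/pip \
    pip install --user --no-warn-script-location -r requirements.txt

# ── Stage 2: Production runtime ──────────────────────────────
FROM ${PYTHON_IMAGE} AS runtime

LABEL org.opencontainers.image.title="velocity-os-core" \
      org.opencontainers.image.description="Velocity-OS FastAPI Neural Core" \
      org.opencontainers.image.vendor="Desineuron" \
      org.opencontainers.image.version="2.0.0"

# Runtime system deps only (curl is kept because HEALTHCHECK below uses it).
RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        libpq5 \
    && rm -rf /var/lib/apt/lists/*

# Non-root service account with a fixed UID/GID. A stable numeric ID lets an
# orchestrator verify "not root" (Kubernetes runAsNonRoot rejects a non-numeric
# USER) and keeps volume ownership predictable across rebuilds.
RUN groupadd --system --gid 10001 velocity \
    && useradd --system --uid 10001 --gid velocity \
        --home-dir /home/velocity --no-create-home velocity

WORKDIR /app

# Copy installed packages from builder. Left root-owned on purpose: the service
# account can read and execute the dependencies but cannot modify them.
COPY --from=builder /root/.local /home/velocity/.local

# NOTE(review): --chown makes the application code writable by the account that
# serves requests, which is at odds with the "immutable" claim in the header.
# If the app does not write under /app, drop --chown so the code stays
# root-owned. This also copies the whole build context; make sure a
# .dockerignore excludes .git, .env files, keys and local virtualenvs.
COPY --chown=velocity:velocity . .

# PYTHONUSERBASE pins the user site to the copied tree instead of deriving it
# from $HOME, so imports still resolve if the orchestrator overrides the UID.
# WEB_CONCURRENCY is read by uvicorn when --workers is not passed on the
# command line.
ENV PATH=/home/velocity/.local/bin:$PATH \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PYTHONPATH=/app \
    PYTHONUSERBASE=/home/velocity/.local \
    WEB_CONCURRENCY=2

USER 10001:10001

EXPOSE 8443

# The probe speaks plain HTTP because uvicorn is started without TLS options.
# NOTE(review): 8443 is conventionally an HTTPS port; presumably TLS is
# terminated in front of this container — confirm, otherwise traffic to the
# API is unencrypted.
HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
    CMD curl -f http://localhost:8443/health || exit 1

# 2 workers for RTX 6000 Blackwell workstation. The count comes from
# WEB_CONCURRENCY above rather than a hard-coded --workers flag, so the
# K3s env override mentioned here actually takes effect.
CMD ["uvicorn", "main:app", \
     "--host", "0.0.0.0", \
     "--port", "8443", \
     "--log-level", "info", \
     "--access-log"]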