# syntax=docker/dockerfile:1.7

# ---------------------------------------------------------------------------
# Stage 1 — Build Go analytics service
# ---------------------------------------------------------------------------
FROM rockylinux/rockylinux:10 AS go-build

RUN dnf install -y golang && dnf clean all

WORKDIR /src
COPY analytics/go.mod analytics/go.sum ./
RUN go mod download
COPY analytics/ .
RUN CGO_ENABLED=0 GOOS=linux go build -o /analytics-server ./cmd/server

# ---------------------------------------------------------------------------
# Stage 2 — Python base
# ---------------------------------------------------------------------------
FROM rockylinux/rockylinux:10 AS base

RUN dnf install -y python3 && dnf clean all

ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    UV_COMPILE_BYTECODE=1 \
    UV_LINK_MODE=copy \
    UV_PROJECT_ENVIRONMENT=/app/.venv

COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv

WORKDIR /app

# ---------------------------------------------------------------------------
# Stage 3 — Python dependencies
# ---------------------------------------------------------------------------
FROM base AS deps
COPY pyproject.toml uv.lock* ./
RUN --mount=type=cache,target=/root/.cache/uv \
    uv sync --frozen --no-install-project --no-dev

# ---------------------------------------------------------------------------
# Stage 4 — Python application
# ---------------------------------------------------------------------------
FROM deps AS app-build
COPY app/ ./app/
RUN --mount=type=cache,target=/root/.cache/uv \
    uv sync --frozen --no-dev

# ---------------------------------------------------------------------------
# Stage 5 — Final image (Python + Go binary)
# ---------------------------------------------------------------------------
FROM base AS final

RUN groupadd --gid 10001 appgroup && \
    useradd --uid 10001 --gid 10001 --no-create-home --shell /sbin/nologin appuser

COPY --from=go-build /analytics-server /usr/local/bin/analytics-server
COPY --from=app-build --chown=appuser:appgroup /app /app

USER appuser
WORKDIR /app

ENV PATH="/app/.venv/bin:$PATH" \
    ROLE=api

EXPOSE 8000 8080

ENTRYPOINT ["/bin/sh", "-c", "\
  if [ \"$ROLE\" = 'analytics' ]; then \
    /usr/local/bin/analytics-server; \
  else \
    uvicorn app.main:app --host 0.0.0.0 --port 8000 --no-access-log; \
  fi"]