# ---------- Stage 1: pull Chat-UI build artifacts ----------
FROM ghcr.io/huggingface/chat-ui:latest AS base

# ---------- Stage 2: slim runtime ----------
FROM ubuntu:22.04 AS final

# Base utilities + Node + Python
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
    curl gnupg ca-certificates python3 python3-pip && \
    curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
    apt-get install -y nodejs && \
    rm -rf /var/lib/apt/lists/*

# Upgrade pip and install runtime libs used by proxy.py
RUN python3 -m pip install --no-cache-dir --upgrade pip && \
    pip3 install --no-cache-dir \
      fastapi uvicorn httpx[http2] \
      smolagents litellm \
      "pydantic>=2,<3"

# MongoDB
RUN curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | \
      gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
RUN echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" \
      | tee /etc/apt/sources.list.d/mongodb-org-7.0.list
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      mongodb-org && rm -rf /var/lib/apt/lists/*

ARG MODEL_NAME
ENV MODEL_NAME=${MODEL_NAME}
ENV TZ=Europe/Paris PORT=3000

# --- Non-root user and dirs ---
RUN groupadd -g 1000 user && useradd -m -u 1000 -g 1000 user && \
    mkdir -p /app /home/user/data/db /home/user/logs && \
    chown -R 1000:1000 /app /home/user
ENV HOME=/home/user PATH=/home/user/.local/bin:$PATH
WORKDIR /app

# Global dotenv-cli and Python proxy deps
RUN npm install -g dotenv-cli
RUN pip3 install --no-cache-dir fastapi uvicorn httpx

# Switch to non-root
USER user
WORKDIR /app
ENV HOME=/home/user PATH=/home/user/.local/bin:$PATH

# Chat-UI bits from base
COPY --from=base --chown=1000 /app/node_modules /app/node_modules
COPY --from=base --chown=1000 /app/package.json /app/package.json
COPY --from=base --chown=1000 /app/build /app/build
COPY --from=base --chown=1000 /app/.env /app/.env

# Local config, proxy, entrypoint
COPY --chown=1000 .env.local /app/.env.local
COPY --chown=1000 proxy.py /app/proxy.py
COPY --chown=1000 agents /app/agents
COPY --chown=1000 --chmod=0755 entrypoint.sh /app/entrypoint.sh

ENTRYPOINT ["/app/entrypoint.sh"]