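# Ultra-Optimized ML Runner - Minimal Size & Maximum Speed
# Multi-stage build: a conda/mamba builder stage resolves the ML stack, and a
# Debian-slim Python runtime stage receives only the resulting environment.
# (The runtime base is python:3.10-slim-bullseye, i.e. slim, not distroless.)

# Stage 1: Build environment with package installation
# The default keeps the original floating tag. Pass a fixed tag with
# --build-arg MINICONDA_TAG=<tag> so the builder base is reproducible and a
# changed upstream image cannot silently alter what gets built.
ARG MINICONDA_TAG=latest
FROM continuumio/miniconda3:${MINICONDA_TAG} AS builder

# Install mamba for faster package resolution
RUN conda install -n base -c conda-forge mamba -y && \
    conda clean -afy

# Create the conda environment that is later copied into the runtime stage.
# Version specs are quoted on purpose: unquoted, /bin/sh parses ">=1.9.0" as an
# output redirection to a file named "=1.9.0", so the lower bounds would never
# reach the solver and any version could be installed.
# NOTE(review): these are lower bounds only; an explicit lock file would be
# needed to make the resolved package set reproducible.
RUN mamba create -n ml_env python=3.10 -y && \
    mamba install -n ml_env \
        "pytorch>=1.9.0" \
        "torchvision>=0.10.0" \
        "numpy>=1.21.0" \
        "pandas>=1.3.0" \
        "scikit-learn>=1.0.0" \
        "xgboost>=1.5.0" \
        "matplotlib>=3.5.0" \
        "seaborn>=0.11.0" \
        "jupyter>=1.0.0" \
        -c pytorch -c conda-forge -y && \
    conda clean -afy && \
    mamba clean -afy

# Stage 2: Minimal runtime image
FROM python:3.10-slim-bullseye AS runtime

# Install only essential runtime dependencies; the apt lists are removed in the
# same layer so they do not persist in the image.
# NOTE(review): libxrender-dev is a development package and libgthread-2.0-0
# may not resolve as a package name on bullseye - confirm both are intended.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        libgl1-mesa-glx \
        libglib2.0-0 \
        libgomp1 \
        libgthread-2.0-0 \
        libsm6 \
        libxext6 \
        libxrender-dev \
    && rm -rf /var/lib/apt/lists/*

# Create the unprivileged system account the container runs as
RUN groupadd -r mlrunner && useradd -r -g mlrunner mlrunner

# Copy the conda environment from the builder. No --chown is given, so the
# interpreter and packages stay root-owned and read-only to the runtime user.
COPY --from=builder /opt/conda/envs/ml_env /opt/conda/envs/ml_env
COPY --from=builder /opt/conda/lib /opt/conda/lib
COPY --from=builder /opt/conda/bin /opt/conda/bin

# Create the workspace; this is the only tree the runtime user may write to
WORKDIR /workspace
RUN chown mlrunner:mlrunner /workspace

# Copy security components
COPY secure_runner.py /usr/local/bin/secure_runner.py
COPY security_policy.json /etc/ml_runner/security_policy.json

# Keep the runner and its policy root-owned and not writable by mlrunner.
# The account that the runner constrains must not be able to rewrite the
# runner, its policy, or the interpreter under /opt/conda; otherwise workload
# code could replace the controls that are meant to contain it. For the same
# reason /opt/conda is no longer chown'ed to mlrunner (that recursive chown
# also duplicated the whole environment in an extra layer).
# If jobs must install packages at runtime, give them a writable prefix under
# /workspace instead of re-opening /opt/conda.
RUN chown root:root /usr/local/bin/secure_runner.py \
        /etc/ml_runner/security_policy.json && \
    chmod 0755 /usr/local/bin/secure_runner.py && \
    chmod 0644 /etc/ml_runner/security_policy.json

# Switch to non-root user
USER mlrunner

# Set environment: the ml_env bin directory comes first on PATH, so "python"
# in the ENTRYPOINT resolves there before the base image's own interpreter.
ENV PATH="/opt/conda/envs/ml_env/bin:/opt/conda/bin:$PATH"
ENV PYTHONPATH="/opt/conda/envs/ml_env/lib/python3.10/site-packages"
ENV CONDA_DEFAULT_ENV=ml_env

# Exec-form entrypoint: the runner is PID 1 and receives signals directly
ENTRYPOINT ["python", "/usr/local/bin/secure_runner.py"]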
# Descriptive image metadata used for optimization tracking.
# Labels are informational only: security="enabled" records intent and does
# not enforce anything in the image or at runtime.
LABEL base="python-slim" \
      ml_frameworks="pytorch,sklearn,xgboost" \
      package_manager="mamba" \
      security="enabled" \
      size="optimized" \
      speed="maximum"