# Simple Dockerfile for homelab use
FROM golang:1.25-alpine AS builder

# Install dependencies including C++ build tools
RUN apk add --no-cache git make gcc g++ musl-dev cmake

# Set working directory
WORKDIR /app

# Copy go mod files
COPY go.mod go.sum ./

# Download dependencies
RUN go mod download

# Copy source code
COPY . .

# Copy and build native C++ libraries (without NVML for non-GPU systems)
COPY native/ ./native/
RUN rm -rf native/build && cd native && mkdir -p build && cd build && \
    cmake .. -DCMAKE_BUILD_TYPE=Release -DFETCHML_DOCKER_BUILD=1 -DBUILD_NVML_GPU=OFF && \
    make -j$(nproc)

# Build Go binaries (native libs not used in Docker since NVML unavailable in Alpine)
RUN CGO_ENABLED=1 go build -o bin/api-server cmd/api-server/main.go && \
    CGO_ENABLED=1 go build -o bin/worker ./cmd/worker

# Final stage
FROM alpine:3.19

# Install runtime dependencies including C++ stdlib
RUN apk add --no-cache bash ca-certificates redis openssl curl podman fuse-overlayfs slirp4netns iptables libstdc++

# Create app user
RUN addgroup -g 1001 -S appgroup && \
    adduser -u 1001 -S appuser -G appgroup

# Set working directory
WORKDIR /app

# Copy binaries from builder
COPY --from=builder /app/bin/ /usr/local/bin/

# Note: Native libraries not included (NVML unavailable in Alpine Linux)
# COPY --from=builder /app/native/build/lib*.so /usr/local/lib/
# ENV LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:$LD_LIBRARY_PATH

# Copy configs and templates
COPY --from=builder /app/configs/ /app/configs/

# Create necessary directories
RUN mkdir -p /app/data/experiments /app/data/datasets /app/data/snapshots /app/logs /app/ssl

# Generate SSL certificates for container use
RUN openssl req -x509 -newkey rsa:2048 -keyout /app/ssl/key.pem -out /app/ssl/cert.pem -days 365 -nodes \
    -subj "/C=US/ST=Homelab/L=Local/O=ML/OU=Experiments/CN=localhost" && \
    chmod 644 /app/ssl/cert.pem && chmod 600 /app/ssl/key.pem

# Ensure app user can write to data/logs and read TLS material
RUN chown -R appuser:appgroup /app/data /app/logs /app/ssl /app/configs

# Switch to app user
USER appuser

# Expose ports
EXPOSE 9101

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
  CMD curl -f http://localhost:9101/health || curl -k -f https://localhost:9101/health || exit 1

# Default command
CMD ["/usr/local/bin/api-server", "-config", "/app/configs/api/dev.yaml"]