FROM python:3.10-slim

# ── Base OS packages ───────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    gcc python3-dev openssl curl ca-certificates gnupg build-essential \
    && rm -rf /var/lib/apt/lists/*

# ── MariaDB client libs ────────────────────────────────────────────
RUN curl -LsSO https://r.mariadb.com/downloads/mariadb_repo_setup && \
    chmod +x mariadb_repo_setup && ./mariadb_repo_setup --mariadb-server-version="mariadb-11.7" && \
    apt-get update && apt-get install -y --no-install-recommends \
    libmariadb3 libmariadb-dev && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

# ── Python tooling ────────────────────────────────────────────────
RUN pip install --no-cache-dir uv==0.1.37

RUN useradd -m -u 1000 user

WORKDIR /app
# Copy project files
COPY . /app

# Fix permissions so the unprivileged user can write to /app
RUN chown -R user:user /app

# Ensure our src/ is on the Python path so our local code is used
ENV PYTHONPATH=/app/src

# Install project (editable) + FastAPI stack in one layer
RUN uv pip install -e . --system && \
    uv pip install fastapi uvicorn[standard] --system

# ── Unprivileged user ─────────────────────────────────────────────
USER user

ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH \
    UV_NO_CACHE=1 \
    UV_CACHE_DIR=/dev/null \
    PORT=7860

EXPOSE 7860

# Run the server using uv as a module, compatible with Hugging Face Spaces
CMD ["uv", "run", "mcp_server_mariadb_vector", "--host", "0.0.0.0", "--port", "7860"]