FROM python:3.10-slim

# ── Base OS packages ───────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    gcc python3-dev openssl curl ca-certificates gnupg build-essential \
    && rm -rf /var/lib/apt/lists/*

# ── MariaDB client libs ────────────────────────────────────────────
RUN curl -LsSO https://r.mariadb.com/downloads/mariadb_repo_setup && \
    chmod +x mariadb_repo_setup && ./mariadb_repo_setup --mariadb-server-version="mariadb-11.7" && \
    apt-get update && apt-get install -y --no-install-recommends \
    mariadb-server mariadb-client libmariadb3 libmariadb-dev && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

# ── Python tooling ────────────────────────────────────────────────
RUN pip install --no-cache-dir uv==0.1.37


# MariaDB needs to run as root or mysql user for permissions on /var/lib/mysql
# We'll run the app as user later, but keep root for DB startup
WORKDIR /app
# Copy project files
COPY . /app
RUN chmod +x /app/entrypoint.sh

# Ensure our src/ is on the Python path so our local code is used
ENV PYTHONPATH=/app/src

# Install project (editable) + FastAPI stack in one layer
RUN uv pip install -e . --system && \
    uv pip install fastapi uvicorn[standard] --system

# Fix permissions so the unprivileged user can write to /app and .egg-info
RUN chown -R user:user /app

# Ensure /var/lib/mysql exists and is owned by root (MariaDB default)
RUN mkdir -p /var/lib/mysql && chown -R root:root /var/lib/mysql

# ── Remain as root for DB startup ──

ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH \
    UV_NO_CACHE=1 \
    UV_CACHE_DIR=/dev/null \
    PORT=7860

EXPOSE 7860

# Entrypoint starts MariaDB, waits, then launches app
ENTRYPOINT ["/app/entrypoint.sh"]
CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]