# ---------- Base image ----------
FROM python:3.12-slim AS base

# Evita pyc, mejora logs
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

# Dependencias del sistema necesarias para crypto / PDFs
RUN apt-get update && apt-get install -y \
    build-essential \
    libssl-dev \
    libffi-dev \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app


# ---------- Dependencies ----------
FROM base AS deps

# Copiamos solo metadatos para aprovechar cache
COPY ./pyproject.toml ./

# Instalamos dependencias
RUN pip install --upgrade pip \
    && pip install .


# ---------- Runtime ----------
FROM base AS runtime

# Copiamos dependencias instaladas
COPY --from=deps /usr/local /usr/local

# Copiamos código fuente
COPY src/ ./

# Puerto FastAPI
EXPOSE 8000

# Usuario no-root (buena práctica)
RUN useradd -m appuser
USER appuser

# Comando de arranque
CMD ["sh", "-c", "\
    if [ \"$UVICORN_RELOAD\" = \"true\" ]; then \
    uvicorn signing_service.main:app --host 0.0.0.0 --port 8000 --reload; \
    else \
    uvicorn signing_service.main:app --host 0.0.0.0 --port 8000 --workers ${UVICORN_WORKERS:-1}; \
    fi"]

# Healthcheck

#RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*

#HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
#    CMD curl -f http://127.0.0.1:8000/health || exit 1