# syntax=docker/dockerfile:1.7
# MCP RSS Search Server Container
ARG PYTHON_VERSION=3.12

###########################
# Builder stage
###########################
FROM registry.access.redhat.com/ubi10/ubi:10.1-1770180700 AS builder
SHELL ["/bin/bash", "-euo", "pipefail", "-c"]

ARG PYTHON_VERSION

# hadolint ignore=DL3041
RUN set -euo pipefail \
    && dnf upgrade -y \
    && dnf install -y \
        python${PYTHON_VERSION} \
        python${PYTHON_VERSION}-devel \
        binutils gcc gcc-c++ curl \
    && update-alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 1 \
    && dnf clean all

WORKDIR /app

COPY pyproject.toml README.md ./
COPY src/ ./src/

RUN set -euo pipefail \
    && python3 -m venv /app/.venv \
    && /app/.venv/bin/pip install --no-cache-dir --upgrade pip setuptools wheel \
    && /app/.venv/bin/pip install --no-cache-dir . \
    && /app/.venv/bin/pip uninstall --yes pip setuptools wheel \
    && rm -rf /root/.cache \
    && chown -R 1001:0 /app \
    && chmod -R g=u /app

###########################
# Runtime stage
###########################
FROM registry.access.redhat.com/ubi10/ubi-minimal:10.1-1770180557 AS runtime

ARG PYTHON_VERSION=3.12

# hadolint ignore=DL3041
RUN microdnf install -y --nodocs --setopt=install_weak_deps=0 \
        python${PYTHON_VERSION} \
        ca-certificates \
        shadow-utils \
    && microdnf clean all \
    && rm -rf /var/cache/yum \
    && ln -sf /usr/bin/python${PYTHON_VERSION} /usr/bin/python3 \
    && useradd --uid 1001 --gid 0 --home-dir /app --shell /sbin/nologin --no-create-home --comment app app

COPY --from=builder --chown=1001:0 /app /app

ENV PATH="/app/.venv/bin:${PATH}" \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1

WORKDIR /app

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:9100/health || exit 1

# Default to HTTP mode
EXPOSE 9100
USER 1001

# Default command - can override for stdio mode
CMD ["python3", "-m", "mcp_rss_search.server_fastmcp", "--transport", "http", "--host", "0.0.0.0", "--port", "9100"]
