# syntax=docker/dockerfile:1.7
ARG UBI=python-312-minimal

FROM registry.access.redhat.com/ubi10/${UBI} AS builder

ARG PYTHON_VERSION=3.12

ARG VERSION
ARG COMMIT_ID
ARG SKILLS_SDK_COMMIT_ID
ARG SKILLS_SDK_VERSION
ARG BUILD_TIME_SKILLS_INSTALL

ENV APP_HOME=/app

USER 0

# Image pre-requisites
RUN INSTALL_PKGS="git make gcc gcc-c++ python${PYTHON_VERSION}-devel" && \
    microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install $INSTALL_PKGS && \
    microdnf -y clean all --enablerepo='*'

# Setup alias from HOME to APP_HOME
RUN mkdir -p ${APP_HOME} && \
    chown -R 1001:0 ${APP_HOME} && \
    ln -s ${HOME} ${APP_HOME} && \
    mkdir -p ${HOME}/resources/config && \
    chown -R 1001:0 ${HOME}/resources/config

USER 1001

# Install plugin package + cryptography pin, create cache dir — single layer.
COPY . .
# hadolint ignore=DL3013
RUN pip install --no-cache-dir uv \
    && python -m uv pip install . \
    && python -m uv pip install "cryptography>=44.0.3" \
    && mkdir -p -m 0776 ${HOME}/.cache

# Download tokenizers and wire up APP_HOME symlinks in a single layer.
COPY --chmod=0776 ./cache_tokenizers.py ${HOME}/cache_tokenizers.py
RUN python ${HOME}/cache_tokenizers.py \
    && ln -s ${HOME}/* ${APP_HOME}

# Update labels
LABEL maintainer="ContextForge Team" \
      name="mcp/mcppluginserver" \
      version="${VERSION}" \
      url="https://github.com/IBM/mcp-context-forge" \
      description="MCP Plugin Server for ContextForge"

# App entrypoint
ENTRYPOINT ["sh", "-c", "${HOME}/run-server.sh"]

FROM builder as testing

COPY tests .
RUN python3 -m uv pip install -e .[dev]
ENTRYPOINT ["sh", "-c", "pytest tests"]
