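# syntax=docker/dockerfile:1
#
# Three stages:
#   honcho-builder     - clones Honcho and installs its locked Python deps with uv
#   openconcho-builder - clones OpenConcho at a fixed commit and builds the SPA
#   (final)            - nginx serving the SPA and proxying to Honcho on localhost
#
# NOTE(review): the base images and the uv image are referenced by tag only.
# Tags can be re-pointed; pin them by digest (tag@sha256:<digest>) once the
# digests you have verified are known.

# ---- build stage: fetches and builds Honcho from source ---------------------
FROM python:3.13-slim-bookworm AS honcho-builder

# git is installed without its recommended packages, so the ssh client it needs
# for the ssh:// remote below has to be requested explicitly.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        git \
        openssh-client && \
    rm -rf /var/lib/apt/lists/*

COPY --from=ghcr.io/astral-sh/uv:0.9.24 /uv /bin/uv

ARG HONCHO_REPO=ssh://git@code.lazyworkhorse.net:2222/Hermes/honcho.git
# NOTE(review): "main" is a moving ref, so two builds of this file can ship
# different code. Pass a tag via --build-arg HONCHO_REF=<tag> for release builds.
ARG HONCHO_REF=main

# The SSH key is only forwarded from the build host's agent for this one step
# (docker build --ssh default ...); it never lands in a layer.
# The optional secret lets the build supply a known_hosts file with the git
# server's pinned host key (docker build --secret id=known_hosts,src=<file>).
# Keep host-key checking on: without a pinned key the clone fails closed, which
# is preferable to trusting whatever host answers on that address.
RUN --mount=type=ssh \
    --mount=type=secret,id=known_hosts,target=/root/.ssh/known_hosts \
    git clone --depth 1 --branch "${HONCHO_REF}" "${HONCHO_REPO}" /app

WORKDIR /app

ENV UV_COMPILE_BYTECODE=1 \
    UV_LINK_MODE=copy \
    UV_PYTHON=/usr/local/bin/python3.13

# --frozen installs exactly what uv.lock records and refuses to re-resolve.
RUN uv sync --frozen

# ---- build stage: builds the OpenConcho SPA ----------------------------------
FROM node:22-bookworm AS openconcho-builder

ENV PNPM_HOME=/pnpm
ENV PATH=$PNPM_HOME:$PATH

# The default keeps the previous behaviour (whatever pnpm release is newest at
# build time). Set --build-arg PNPM_VERSION=<exact version> so the tool that
# executes dependency install scripts is the one you reviewed.
ARG PNPM_VERSION=latest
RUN corepack enable && corepack prepare "pnpm@${PNPM_VERSION}" --activate

WORKDIR /app

RUN apt-get update && \
    apt-get install -y --no-install-recommends git && \
    rm -rf /var/lib/apt/lists/*

# Source is pinned to a full commit SHA, so the checkout below is immutable
# even if branches or tags on the remote move.
ARG OPENCONCHO_SHA=e490d911fcb27ee193558fd9a28856cde2057665
RUN git clone --depth 1 https://github.com/offendingcommit/openconcho.git /app && \
    git -C /app fetch --depth 1 origin "${OPENCONCHO_SHA}" && \
    git -C /app checkout "${OPENCONCHO_SHA}"

RUN pnpm install --frozen-lockfile
RUN pnpm --filter @openconcho/web build

# ---- runtime stage: nginx + Honcho FastAPI -----------------------------------
FROM python:3.13-slim-bookworm

RUN apt-get update && \
    apt-get install -y --no-install-recommends nginx && \
    rm -rf /var/lib/apt/lists/* /var/log/nginx/* && \
    rm -f /etc/nginx/sites-enabled/default

# The packaged "user www-data;" directive in nginx.conf is deliberately left in
# place: the master starts as root to bind port 80, and the workers that parse
# client traffic drop to www-data instead of keeping root.
# Pre-create the temp/cache directories and hand them to that worker account.
RUN mkdir -p /var/lib/nginx/body /var/lib/nginx/proxy /var/lib/nginx/fastcgi \
        /var/lib/nginx/uwsgi /var/lib/nginx/scgi /var/lib/nginx/proxy_temp \
        /var/cache/nginx && \
    chown -R www-data:www-data /var/lib/nginx /var/cache/nginx

# Honcho (source tree plus the .venv built by uv in the builder stage)
# NOTE(review): this also copies /app/.git, which records the internal remote
# URL. Drop it in the builder if nothing in the build needs VCS metadata.
COPY --from=honcho-builder /app /app
WORKDIR /app
ENV PATH="/app/.venv/bin:$PATH"
ENV HOME=/app

# NOTE(review): config.toml is baked into an image layer and readable by anyone
# who can pull the image. Confirm it holds no credentials; inject those at
# runtime instead.
COPY config.toml /app/config.toml

# OpenConcho SPA
COPY --from=openconcho-builder /app/packages/web/dist /usr/share/nginx/html

# nginx config (proxies /v3/, /v2/ to Honcho on localhost:8000)
COPY honcho-nginx.conf /etc/nginx/conf.d/default.conf

EXPOSE 80

# Three processes share the container; `wait -n` returns as soon as the first
# one exits, so the container stops and the orchestrator can restart it.
# `wait -n` is a bash feature. Debian's /bin/sh (dash) rejects the option and
# the launcher would exit immediately, hence bash here.
# FastAPI listens on 127.0.0.1 only, so it is reachable solely through nginx.
# NOTE(review): no USER is set, so fastapi and the deriver still run as root.
# Moving them to an unprivileged account is the next least-privilege step.
# NOTE(review): bash as PID 1 does not forward SIGTERM to its children; run
# with an init (e.g. docker run --init) if graceful shutdown matters.
CMD ["bash", "-c", "nginx -g 'daemon off;' & fastapi run --host 127.0.0.1 --port 8000 src/main.py & python3 -m src.deriver & wait -n"]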