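# uv image tag to take the /uv and /uvx binaries from. The default keeps the
# original floating tag; pass --build-arg UV_VERSION=<tag> (or repin this
# default to a fixed tag or digest) so a rebuild cannot silently pick up a
# different uv.
ARG UV_VERSION=latest

# Helper stage: COPY --from= does not expand build args, so the uv image is
# given a stage name the builder can copy from.
FROM ghcr.io/astral-sh/uv:${UV_VERSION} AS uv

# Stage 1: Builder
# Holds curl and the tool installers; only selected artifacts are copied out
# of it by the final stage.
FROM python:3.12-slim AS builder

# Install system dependencies
# --no-install-recommends keeps optional extras out; ca-certificates is listed
# explicitly because the HTTPS downloads below depend on it.
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    curl \
    git \
    && rm -rf /var/lib/apt/lists/*

# Install Tools
# hadolint: --fail makes an HTTP error stop the build instead of saving the
# error page as /bin/hadolint and marking it executable.
# HADOLINT_SHA256 is optional (empty = no check, as before); when set, the
# build fails if the downloaded binary does not match the expected SHA-256.
ARG HADOLINT_SHA256=""
RUN curl -fsSLo /bin/hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 \
    && if [ -n "$HADOLINT_SHA256" ]; then \
         echo "${HADOLINT_SHA256}  /bin/hadolint" | sha256sum -c -; \
       fi \
    && chmod +x /bin/hadolint

# checkov / semgrep are installed unpinned into the builder's system Python.
# NOTE(review): the final stage copies only /opt/venv, /bin/hadolint and
# /usr/local/bin/trivy, so these two reach the runtime image only if
# pyproject.toml also declares them. Confirm, and pin the versions.
RUN pip install --no-cache-dir checkov semgrep

# Trivy: the installer is downloaded completely before it is run, so a failed
# or truncated download cannot be executed partially or hidden behind the exit
# status of a pipe.
# TRIVY_VERSION is optional (empty = the installer's default release); set it
# to a release tag to make the installed version reproducible.
# NOTE(review): the installer itself is fetched from the mutable `main` branch;
# pin the URL to a release tag or commit and verify it before relying on it.
ARG TRIVY_VERSION=""
RUN curl -fsSL -o /tmp/trivy-install.sh https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh \
    && sh /tmp/trivy-install.sh -b /usr/local/bin ${TRIVY_VERSION} \
    && rm -f /tmp/trivy-install.sh

# Install UV
COPY --from=uv /uv /uvx /bin/

WORKDIR /app
COPY pyproject.toml .
# Create virtual environment and install dependencies
# NOTE(review): only pyproject.toml is present in /app at this point; confirm
# the project's build backend can install "." without the source tree.
RUN uv venv /opt/venv
RUN uv pip install --python /opt/venv/bin/python .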

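# Stage 2: Final
# Runtime image: receives the virtual environment and scanner binaries from
# the builder stage plus the application sources, and runs as a non-root user.
# NOTE(review): the base tag is not digest-pinned; pin it if rebuilds must be
# reproducible.
FROM python:3.12-slim

# Install system dependencies needed at runtime
# --no-install-recommends keeps git's optional extras out of the runtime image.
# ca-certificates and openssh-client are listed explicitly so HTTPS and SSH
# remotes keep working; drop openssh-client if only HTTPS remotes are used.
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    git \
    openssh-client \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user
# NOTE(review): the UID is auto-assigned here; a fixed numeric UID (and a
# numeric USER) is easier for orchestrators to verify as non-root.
RUN useradd --create-home --shell /bin/bash app
WORKDIR /app

# Copy virtual environment and tools from builder
COPY --from=builder /opt/venv /opt/venv
COPY --from=builder /bin/hadolint /bin/hadolint
# Copy other tools if needed (Trivy, etc.)
COPY --from=builder /usr/local/bin/trivy /usr/local/bin/trivy

# Copy application code
# No --chown is given, so these files stay root-owned and the unprivileged
# "app" user cannot modify the code it runs.
COPY src/ ./src/
COPY mcp_servers/ ./mcp_servers/
COPY crews/ ./crews/
COPY tools/ ./tools/
COPY config/ ./config/
COPY contexts/ ./contexts/
COPY README.md .

# Put the venv first on PATH so "uvicorn" resolves to /opt/venv/bin/uvicorn,
# and make /app/src importable.
ENV PATH="/opt/venv/bin:$PATH" \
    PYTHONPATH="/app/src"

# Drop privileges only after every step that needs root has run.
USER app

EXPOSE 8000

# Exec form: uvicorn runs as PID 1 and receives stop signals directly.
# It listens on all interfaces inside the container; what is reachable from
# outside is decided by how port 8000 is published at run time.
ENTRYPOINT ["uvicorn", "src.pr_reviewer.main:app", "--host", "0.0.0.0", "--port", "8000"]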