# Maree-CareFlow — Backend Dockerfile
# APP_VERSION: 1.0.50
# Base: python:3.12-slim-bookworm (NOT alpine — required for C extensions:
#   psycopg2, pywebpush/py_vapid, cryptography, weasyprint, numpy, pandas, reportlab)
#
# Multi-stage build:
#   builder  — installs build deps + wheels into /install
#   runtime  — minimal image, copies only installed packages + app code

# ── Stage 1: builder ──────────────────────────────────────────────────────────
# NOTE(review): the base is referenced by a mutable tag. Pinning it by digest
# (python:3.12-slim-bookworm@sha256:<digest>, placeholder) would make the
# toolchain that compiles the wheels reproducible from build to build.
FROM python:3.12-slim-bookworm AS builder

# Build-time pip/interpreter settings: no pip version check, no pip download
# cache kept in the layer, no .pyc files written by the interpreter, and
# unbuffered output in the build log.
ENV PIP_DISABLE_PIP_VERSION_CHECK=1 \
    PIP_NO_CACHE_DIR=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1

WORKDIR /build

# Compilers and -dev headers needed to build the C-extension wheels. They live
# only in this stage; the runtime stage installs the matching shared libraries
# instead. The apt lists are removed in the same layer that created them.
RUN apt-get update \
 && apt-get install -y --no-install-recommends \
        build-essential \
        g++ \
        gcc \
        libcairo2-dev \
        libffi-dev \
        libgdk-pixbuf2.0-dev \
        libglib2.0-dev \
        libjpeg-dev \
        libpango1.0-dev \
        libpng-dev \
        libpq-dev \
        libssl-dev \
        libxml2-dev \
        libxslt1-dev \
        pkg-config \
 && rm -rf /var/lib/apt/lists/*

# Only requirements.txt is copied before the install, so this layer is rebuilt
# when the dependency list changes and not on every source edit.
COPY requirements.txt ./

# Everything is installed under the /install prefix so the runtime stage can
# take the whole tree with a single COPY --from.
# NOTE(review): pip is upgraded to whatever is current at build time, and the
# requirements are installed without --require-hashes. Confirm requirements.txt
# pins exact versions; hash-checking mode would additionally detect a package
# swapped upstream.
RUN python -m pip install --upgrade pip \
 && python -m pip install \
        --no-cache-dir \
        --compile \
        --prefix=/install \
        -r requirements.txt

# ── Stage 2: runtime ──────────────────────────────────────────────────────────
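# NOTE(review): mutable tag, same as the builder stage. A digest pin
# (python:3.12-slim-bookworm@sha256:<digest>, placeholder) keeps both stages on
# one reviewed base image.
FROM python:3.12-slim-bookworm AS runtime

LABEL org.opencontainers.image.title="Maree-CareFlow Backend" \
      org.opencontainers.image.version="1.0.50" \
      org.opencontainers.image.description="FastAPI backend for Maree-CareFlow Australian allied health practice management system" \
      maintainer="Maree-CareFlow Team"

# PYTHONUSERBASE=/install makes the tree copied from the builder the
# interpreter's user site directory, which is how the packages installed with
# --prefix=/install become importable; PATH exposes their console scripts
# (uvicorn among them).
#
# FORWARDED_ALLOW_IPS is read by uvicorn when --forwarded-allow-ips is not on
# the command line. "*" keeps this image's previous behaviour: forwarded
# headers are believed from ANY peer, so whatever can reach port 8000 directly
# decides the client address and scheme the application sees (access logs,
# audit records, per-IP limits). Override it at deploy time with the reverse
# proxy's address(es), e.g. `-e FORWARDED_ALLOW_IPS=<proxy-ip>`, and keep the
# port unreachable except through that proxy.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PYTHONPATH=/app \
    PATH="/install/bin:$PATH" \
    PYTHONUSERBASE=/install \
    FORWARDED_ALLOW_IPS="*"

# Runtime system dependencies only (no build tools)
RUN apt-get update && apt-get install -y --no-install-recommends \
    # libpq for psycopg2 runtime
    libpq5 \
    # curl for HEALTHCHECK
    curl \
    # WeasyPrint runtime deps
    libcairo2 \
    libpango-1.0-0 \
    libpangocairo-1.0-0 \
    libgdk-pixbuf2.0-0 \
    libffi8 \
    libxml2 \
    libxslt1.1 \
    libjpeg62-turbo \
    # fonts for PDF generation
    fonts-liberation \
    fonts-dejavu-core \
    && rm -rf /var/lib/apt/lists/*

# Installed Python packages from the builder. No --chown is given, so the tree
# stays root-owned: the service user can import from it but not modify it.
COPY --from=builder /install /install

# Dedicated service account with fixed numeric IDs, so an orchestrator can
# verify that the container does not run as root.
RUN groupadd --gid 1001 careflow && \
    useradd --uid 1001 --gid careflow --shell /bin/bash --create-home careflow

WORKDIR /app

# Application source.
# NOTE(review): `COPY . .` takes the entire build context; confirm that a
# .dockerignore keeps .env files, keys, .git and local uploads/logs out of it.
# NOTE(review): --chown hands the code to the account that runs it, so the
# server process can rewrite its own source. If the application only writes to
# uploads/ and logs/, dropping --chown here would leave the code read-only to
# it; verify against the application before changing.
COPY --chown=careflow:careflow . .

# The directories the service is expected to write to.
RUN mkdir -p /app/uploads /app/logs && \
    chown -R careflow:careflow /app/uploads /app/logs

# Everything from here on, including the server process, runs unprivileged.
USER careflow

EXPOSE 8000

# Liveness probe against the app's own /health route; curl is installed above
# for this purpose only.
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD curl -f http://localhost:8000/health || exit 1

# 2 workers in container (horizontal scale via replicas, not within container)
# --proxy-headers makes uvicorn use the forwarded headers; which peers are
# trusted to send them comes from FORWARDED_ALLOW_IPS (see ENV above).
CMD ["uvicorn", "app.main:app", \
     "--host", "0.0.0.0", \
     "--port", "8000", \
     "--workers", "2", \
     "--proxy-headers", \
     "--log-level", "info"]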
