# SkillGate — Multi-stage Docker build
# Targets: cli (default), api, worker
#
# CLI:    docker build -t skillgate .
# API:    docker build -t skillgate-api --target api .
# Worker: docker build -t skillgate-worker --target worker .

# --- Stage 1: Build ---
FROM python:3.12-slim AS builder

WORKDIR /build

COPY pyproject.toml README.md ./
COPY skillgate/ skillgate/

RUN pip install --no-cache-dir build \
    && python -m build --wheel --outdir /build/dist

# --- Stage 2: CLI Runtime (default) ---
FROM python:3.12-slim AS cli

LABEL maintainer="SkillGate Team"
LABEL org.opencontainers.image.title="SkillGate CLI"
LABEL org.opencontainers.image.description="CI/CD policy enforcement for agent skills"
LABEL org.opencontainers.image.version="1.0.0"

COPY --from=builder /build/dist/*.whl /tmp/
RUN pip install --no-cache-dir /tmp/*.whl \
    && rm -f /tmp/*.whl

RUN useradd --create-home --shell /bin/bash skillgate
USER skillgate
WORKDIR /home/skillgate

ENTRYPOINT ["skillgate"]
CMD ["--help"]

# --- Stage 3: API Runtime ---
FROM python:3.12-slim AS api

LABEL org.opencontainers.image.title="SkillGate API"
LABEL org.opencontainers.image.description="SkillGate hosted API server"

COPY --from=builder /build/dist/*.whl /tmp/
RUN set -eu; \
    wheel="$(ls /tmp/skillgate-*.whl)"; \
    pip install --no-cache-dir "${wheel}[api,otel,worker]"; \
    rm -f /tmp/*.whl

RUN useradd --create-home --shell /bin/bash skillgate
USER skillgate
WORKDIR /home/skillgate

EXPOSE 8000

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD python -c "import httpx; httpx.get('http://localhost:8000/api/v1/health').raise_for_status()"

ENTRYPOINT ["uvicorn", "skillgate.api.app:create_app", "--factory", "--host", "0.0.0.0", "--port", "8000"]
CMD ["--workers", "4"]

# --- Stage 4: Worker Runtime ---
FROM python:3.12-slim AS worker

LABEL org.opencontainers.image.title="SkillGate Worker"
LABEL org.opencontainers.image.description="SkillGate background task worker"

COPY --from=builder /build/dist/*.whl /tmp/
RUN set -eu; \
    wheel="$(ls /tmp/skillgate-*.whl)"; \
    pip install --no-cache-dir "${wheel}[api,worker]"; \
    rm -f /tmp/*.whl

RUN useradd --create-home --shell /bin/bash skillgate
USER skillgate
WORKDIR /home/skillgate

ENTRYPOINT ["arq", "skillgate.api.worker.WorkerSettings"]

# --- Stage 5: Default Image (CLI) ---
# Keep CLI as the default output when no --target is provided.
FROM cli AS default
