# SooSeF Federation Server
# Multi-stage build for minimal image size.
#
# Tier 2: Org server (full features — web UI, attestation, federation, stego)
#   docker build -t soosef-server .
#   docker run -v soosef-data:/data -p 5000:5000 -p 8000:8000 soosef-server
#
# Tier 3: Federation relay (attestation + federation only, no stego, no web UI)
#   docker build --target relay -t soosef-relay .
#   docker run -v relay-data:/data -p 8000:8000 soosef-relay

# === Stage 1: Build dependencies ===
FROM python:3.12-slim-bookworm AS builder

RUN apt-get update && apt-get install -y --no-install-recommends \
    gcc g++ gfortran \
    libjpeg62-turbo-dev zlib1g-dev libffi-dev libssl-dev \
    libopenblas-dev \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /build
COPY . .

# Install into a virtual environment for clean copying
RUN python -m venv /opt/soosef-env \
    && /opt/soosef-env/bin/pip install --no-cache-dir \
       ".[web,cli,attest,stego-dct,api,federation]"

# === Stage 2: Federation relay (minimal) ===
FROM python:3.12-slim-bookworm AS relay

RUN apt-get update && apt-get install -y --no-install-recommends \
    libjpeg62-turbo libopenblas0 \
    && rm -rf /var/lib/apt/lists/* \
    && useradd -m -s /bin/bash soosef

COPY --from=builder /opt/soosef-env /opt/soosef-env

ENV PATH="/opt/soosef-env/bin:$PATH" \
    SOOSEF_DATA_DIR=/data \
    PYTHONUNBUFFERED=1

VOLUME /data
EXPOSE 8000

USER soosef

# Federation relay: only the verisoo API with federation endpoints
CMD ["uvicorn", "soosef.verisoo.api:app", "--host", "0.0.0.0", "--port", "8000"]

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s \
    CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/health')"

# === Stage 3: Full org server ===
FROM python:3.12-slim-bookworm AS server

RUN apt-get update && apt-get install -y --no-install-recommends \
    libjpeg62-turbo libopenblas0 \
    && rm -rf /var/lib/apt/lists/* \
    && useradd -m -s /bin/bash soosef

COPY --from=builder /opt/soosef-env /opt/soosef-env

# Copy frontend templates and static assets
COPY frontends/ /opt/soosef-env/lib/python3.12/site-packages/frontends/

ENV PATH="/opt/soosef-env/bin:$PATH" \
    SOOSEF_DATA_DIR=/data \
    PYTHONUNBUFFERED=1

VOLUME /data
EXPOSE 5000 8000

USER soosef

# Init on first run, then start web UI + federation API
CMD ["sh", "-c", "soosef init 2>/dev/null; soosef serve --host 0.0.0.0 --no-https"]

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s \
    CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:5000/health')"