FROM python:3.14-slim AS base

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1

WORKDIR /app
RUN apt update && apt install make sudo -y

ENV AGENT_USER="agent"
ENV WORKSPACE_DIR="/workspace/"
ENV INTERNAL_DATA_DIR="/internal_data/"
RUN useradd --shell /bin/bash $AGENT_USER \
    && mkdir -p $WORKSPACE_DIR /home/$AGENT_USER \
    && chown -R agent:agent $WORKSPACE_DIR /home/$AGENT_USER
RUN mkdir -p $INTERNAL_DATA_DIR  \
    && chown -R root:root $INTERNAL_DATA_DIR \
    && chmod o-rwx $INTERNAL_DATA_DIR

FROM base AS builder

RUN apt install git -y
RUN pip install uv

COPY pyproject.toml uv.lock ./
RUN uv sync --frozen --no-install-project --no-dev
RUN uv pip install git+https://git.lambda.coredump.ru/platform/agent_api.git

FROM base AS production

COPY --from=builder /app/.venv /app/.venv
ENV PATH="/app/.venv/bin:$PATH"
ENV ENVIRONMENT="prod"

COPY src/ /app/src/
COPY configs/ /app/configs/
COPY Makefile ./
COPY .mk/ ./.mk/
RUN chown root:root /app && chmod 700 /app
RUN apt install sudo -y && \
    echo "agent ALL=(ALL) NOPASSWD: /usr/bin/apt*" >> /etc/sudoers

EXPOSE 8000

CMD ["make", "uvicorn-prod"]

FROM base AS development

RUN pip install uv

COPY pyproject.toml uv.lock ./
RUN uv sync --frozen --no-install-project

COPY --from=agent_api . /agent_api/
RUN uv pip install -e /agent_api/

ENV PATH="/app/.venv/bin:$PATH"
ENV ENVIRONMENT="dev"

COPY Makefile ./
COPY .mk/ ./.mk/
RUN chown root:root /app && chmod 700 /app
RUN echo "agent ALL=(ALL) NOPASSWD: /usr/bin/apt*" >> /etc/sudoers

EXPOSE 8000

CMD ["make", "uvicorn-dev"]