# Base image: slim Python 3.12 (Debian-based; the build below uses apt and
# Docker's Debian repository).
# NOTE(review): the tag is mutable. Pinning it by digest, e.g.
# python:3.12-slim@sha256:<digest-placeholder>, makes rebuilds reproducible and
# means a re-pushed upstream tag cannot silently change what gets built.
FROM python:3.12-slim

# Relative paths in the COPY instructions and the CMD below resolve against /app.
WORKDIR /app

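# Install system dependencies: CA roots, curl and gnupg, then the Docker CLI,
# the Compose plugin and the OpenSSH client from Docker's apt repository.
#
# The repository signing key is downloaded to a file and de-armored in a
# separate step. Under the default /bin/sh (no pipefail) a `curl | gpg`
# pipeline reports only gpg's exit status, so a failed download would not stop
# the build at the step that caused it.
# NOTE(review): the key is trusted on first download over HTTPS. Consider
# comparing its fingerprint with the value Docker publishes before the keyring
# is written.
# NOTE(review): a Docker CLI in the image suggests the container talks to a
# Docker daemon at runtime. If that is done by mounting the host's Docker
# socket, the container has root-equivalent control of the host; confirm how
# access is granted and restrict it.
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates curl gnupg \
    && install -m 0755 -d /etc/apt/keyrings \
    && curl -fsSL https://download.docker.com/linux/debian/gpg -o /tmp/docker.asc \
    && gpg --dearmor -o /etc/apt/keyrings/docker.gpg /tmp/docker.asc \
    && rm -f /tmp/docker.asc \
    && chmod a+r /etc/apt/keyrings/docker.gpg \
    && . /etc/os-release \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian ${VERSION_CODENAME} stable" \
       > /etc/apt/sources.list.d/docker.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends docker-ce-cli docker-compose-plugin openssh-client \
    && rm -rf /var/lib/apt/lists/*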

# The dependency manifest is copied on its own, ahead of the application
# source, so a source-only change does not invalidate the installed-packages layer.
# NOTE(review): requirements.txt is not visible here. Confirm it pins exact
# versions; hash-pinned entries installed with pip's --require-hashes would
# also reject a tampered or substituted package.
COPY requirements.txt ./
RUN pip install --no-cache-dir --requirement requirements.txt

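# Install Playwright browser (Chromium) and its system dependencies.
# Skip with: docker build --build-arg NO_BROWSER=1 ... (~350MB smaller, browser tool unavailable)
# Any value other than "0" skips the install. The playwright CLI is presumably
# provided by requirements.txt; confirm.
# --with-deps installs OS packages through apt, so the package lists it
# downloads are removed in the same layer to keep them out of the image.
ARG NO_BROWSER=0
RUN if [ "$NO_BROWSER" = "0" ]; then \
        playwright install --with-deps chromium \
        && rm -rf /var/lib/apt/lists/*; \
    fi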

# Application source.
COPY server/ /app/server/

# Directory that holds the encrypted DB; production mounts a volume over it.
# NOTE(review): it is created with the build's default permissions. Confirm the
# mode and owner that the mounted volume ends up with are no wider than the
# service needs.
RUN mkdir -p /app/data

# Documents the port uvicorn listens on; EXPOSE does not publish it.
EXPOSE 8080

# NOTE(review): this file sets no USER, so the server runs as the base image's
# default user (root for the official python images) unless the runtime
# overrides it. Moving to a dedicated unprivileged user needs checking against
# the Playwright browser install and however the Docker CLI reaches a daemon.
CMD ["uvicorn", "server.main:app", "--host=0.0.0.0", "--port=8080"]
