# syntax=docker/dockerfile:1.7
#
# mock-ollama — a tiny FastAPI app emulating the Ollama HTTP API for the demo.
#
#   builder stage : installs deps into a self-contained virtualenv.
#   runtime stage : copies the venv + app, drops to a NON-ROOT user, no build
#                   tools, runs uvicorn on :11434.
#
# This image exists ONLY for the demo stack (docker-compose.demo.yml). It lets
# the demo run with no GPU and no model downloads. It is never published to the
# host — like real Ollama, it is reachable only on the internal Docker network.

# ----------------------------------------------------------------------------
# Stage 1 — builder
# ----------------------------------------------------------------------------
FROM python:3.12-slim AS builder

ENV PIP_DISABLE_PIP_VERSION_CHECK=1 \
    PIP_NO_CACHE_DIR=1 \
    VIRTUAL_ENV=/opt/venv \
    PATH=/opt/venv/bin:$PATH

RUN python -m venv /opt/venv

WORKDIR /app
COPY requirements.txt ./
RUN pip install -r requirements.txt

# ----------------------------------------------------------------------------
# Stage 2 — runtime
# ----------------------------------------------------------------------------
FROM python:3.12-slim AS runtime

# curl is used by the compose healthcheck.
RUN apt-get update \
    && apt-get install -y --no-install-recommends curl \
    && rm -rf /var/lib/apt/lists/*

# Non-root user.
RUN groupadd --system --gid 10001 mock \
    && useradd --system --uid 10001 --gid mock --home-dir /app --shell /usr/sbin/nologin mock

ENV VIRTUAL_ENV=/opt/venv \
    PATH=/opt/venv/bin:$PATH \
    PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    MOCK_OLLAMA_PORT=11434

WORKDIR /app

COPY --from=builder /opt/venv /opt/venv
COPY app.py ./

USER mock

EXPOSE 11434

HEALTHCHECK --interval=10s --timeout=3s --start-period=5s --retries=5 \
    CMD curl -fsS "http://127.0.0.1:${MOCK_OLLAMA_PORT}/api/version" || exit 1

CMD ["python", "-m", "app"]
