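# ---- Build stage: compiles the application into /app/dist ----
# NOTE(review): node:22-slim is a mutable tag; pin it by digest
# (node:22-slim@sha256:<digest>) when builds must be reproducible.
FROM node:22-slim AS builder
WORKDIR /app

# Copy manifests before the sources so the dependency layer stays cached
# until package*.json or tsconfig.json changes.
COPY package*.json ./
COPY tsconfig.json ./

# Install dependencies.
# NOTE(review): if a package-lock.json is committed, `npm ci` gives
# lockfile-exact installs and fails on drift; confirm and switch.
RUN npm install

# Copy protobuf definitions (resolves to /protobuf, one level above WORKDIR).
COPY protobuf ../protobuf/

# Copy source.
COPY src ./src

# Build (includes protobuf generation).
RUN npm run build

# ---- Production image ----
FROM node:22-slim
WORKDIR /app

# Tools required by the Ollama installer. Kept early in the build for caching.
# --no-install-recommends keeps optional packages out of the runtime image.
RUN apt-get update && apt-get install -y --no-install-recommends \
      bash \
      ca-certificates \
      curl \
      zstd \
    && rm -rf /var/lib/apt/lists/*

# Install Ollama (before npm dependencies for better caching).
# The installer is downloaded to a file first: with `curl ... | sh` under the
# default /bin/sh, a failed or truncated download is masked by the exit status
# of `sh`. Here a curl failure stops the build before anything is executed.
# NOTE(review): the script runs as root and is neither version-pinned nor
# integrity-checked, so the image content depends on whatever the URL serves at
# build time. Pin a reviewed release and verify a known checksum
# (sha256:<expected-digest>) before executing it.
RUN curl -fsSL https://ollama.com/install.sh -o /tmp/ollama-install.sh && \
    sh /tmp/ollama-install.sh && \
    rm -f /tmp/ollama-install.sh

# Create the non-root runtime user early (before pulling the model) with a
# stable numeric UID/GID.
RUN groupadd --gid 1001 nodejs && \
    useradd --uid 1001 --gid nodejs --shell /bin/bash --create-home nodejs && \
    chown -R nodejs:nodejs /app

# Pull the embedding model (all-minilm: 90MB, CPU-friendly) as the nodejs user.
# This is the most expensive operation, so it is done early.
#
# The original chained everything with `&&` and ended in `|| true`, which also
# swallowed a failed `ollama pull` and produced an image without the model.
# The pull status is now captured and returned as the step's exit status; only
# the shutdown of the temporary server is best-effort.
# The fixed `sleep 10` is replaced by a bounded readiness poll (max ~30s).
USER nodejs
RUN ollama serve & \
    OLLAMA_PID=$! ; \
    attempt=0 ; \
    while [ "$attempt" -lt 30 ]; do \
      ollama list >/dev/null 2>&1 && break ; \
      attempt=$((attempt + 1)) ; \
      sleep 1 ; \
    done ; \
    ollama pull all-minilm ; \
    PULL_STATUS=$? ; \
    kill "$OLLAMA_PID" ; \
    wait "$OLLAMA_PID" || true ; \
    exit "$PULL_STATUS"

# Switch back to root for the remaining setup.
USER root

# Copy package files.
COPY package*.json ./

# Install production dependencies only.
# NOTE(review): same as in the build stage, prefer `npm ci --omit=dev` if a
# lockfile is committed.
RUN npm install --omit=dev

# Copy built application.
COPY --from=builder /app/dist ./dist

# Copy protobuf definitions for runtime loading.
COPY protobuf ./protobuf

# Copy k8s templates (not included in TypeScript build).
COPY src/k8s/templates ./dist/k8s/templates

# Copy entrypoint script.
COPY entrypoint.sh ./

# Make the entrypoint executable and hand /app to the runtime user in a single
# layer (two separate RUNs each rewrite file metadata into their own layer).
# NOTE(review): this leaves the application code and node_modules writable by
# the account the service runs as. If nothing under /app is written at runtime,
# keep the code root-owned and grant write access only to the directories that
# need it; confirm against entrypoint.sh.
RUN chmod +x entrypoint.sh && \
    chown -R nodejs:nodejs /app

# Drop privileges for runtime.
USER nodejs

# Documentation only; the port is unprivileged, so the non-root user can bind it.
EXPOSE 3000

ENTRYPOINT ["./entrypoint.sh"]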