# ─────────────────────────────────────────────────────────────────
#  Ten31 Database — StartOS 0.4 container image
# ─────────────────────────────────────────────────────────────────
#  Build context (from the startos manifest dockerBuild.workdir)
#  is the repository root (two levels up from start9/0.4/), so all
#  COPY paths below are relative to the repo root.
#
#  This image is intentionally self-contained under start9/0.4/:
#  no files are pulled from start9/0.3.5/ so the two packages can
#  evolve independently.
#
#  As of 0.1.0:40 the image NO LONGER ships a seed snapshot. The
#  initial migration from 0.3.5 has been completed; from this
#  release forward the live /data volume on the StartOS host is
#  the sole source of truth and is preserved across sideloads.
# ─────────────────────────────────────────────────────────────────
FROM python:3.11-slim

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    CRM_ENV=production \
    CRM_HOST=0.0.0.0 \
    CRM_PORT=8080 \
    CRM_DATA_DIR=/data \
    CRM_FRONTEND_DIR=/app/frontend

WORKDIR /app

RUN apt-get update \
  && apt-get install -y --no-install-recommends ca-certificates curl \
  && rm -rf /var/lib/apt/lists/*

# ── Python dependencies ─────────────────────────────────────────
# Only one hard dep for now: `cryptography` is required by the Gmail
# integration's RS256 JWT signing (DWD bearer tokens). Everything else
# server.py needs is stdlib.
RUN pip install --no-cache-dir cryptography==42.0.5

# ── Application source ──────────────────────────────────────────
COPY backend/server.py        /app/backend/server.py
COPY backend/email_integration /app/backend/email_integration
COPY frontend                 /app/frontend

# ── StartOS wrapper scripts ─────────────────────────────────────
COPY start9/0.4/docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh
COPY start9/0.4/healthcheck.sh       /usr/local/bin/healthcheck.sh

RUN chmod +x /usr/local/bin/docker_entrypoint.sh \
             /usr/local/bin/healthcheck.sh

EXPOSE 8080
ENTRYPOINT ["/usr/local/bin/docker_entrypoint.sh"]
