# ──────────────────────────────────────────────────────────────────────────
# Render blueprint — guichetoi-ml as a Private Service
# ──────────────────────────────────────────────────────────────────────────
# Topology:
#   Angular (Static Site) → Spring Boot (Web Service) → guichetoi-ml (this)
#
# Private services have no public URL — only other services in the same
# Render account can reach them at  http://guichetoi-ml:10000.
# No CORS required, no public attack surface on the ML model.
#
# Deployment:
#   1. Build + push the image locally (the GitHub runner doesn't have models):
#        make release                  # builds + pushes to GHCR
#   2. Configure a GHCR registry credential in Render dashboard
#      (Settings → Registry Credentials) and reference it below as
#      `fromRegistryCreds.name`.
#   3. Blueprint-deploy this file from the Render dashboard. Render pulls
#      the image, allocates a Pro instance (2 GB RAM, required by LayoutLMv3),
#      and starts polling /health until pipeline_loaded == true (~30 s).
# ──────────────────────────────────────────────────────────────────────────

services:
  - type: pserv                # private service — internal-only, no public URL
    name: guichetoi-ml
    runtime: image
    region: frankfurt          # pick whatever matches your Spring Boot region
    plan: pro                  # 2 GB RAM — minimum viable for LayoutLMv3
    image:
      url: ghcr.io/medaziz012/guichetoi-ml:latest
      # Reference a registry credential created in the Render dashboard.
      # Render Settings → Registry Credentials → add one named "ghcr"
      # with username = GitHub username, password = a PAT with `read:packages`.
      creds:
        fromRegistryCreds:
          name: ghcr
    healthCheckPath: /health   # Render polls this; first hit returns
                               # pipeline_loaded:false until weights load
    autoDeploy: true           # redeploy on `:latest` tag updates
    envVars:
      - key: PORT
        value: "10000"         # Render convention — Dockerfile honours $PORT
      - key: GUICHETOI_CORS_ORIGINS
        value: ""              # private service, no browsers talk to it
      # Optional model-path overrides (paths inside the image at /app):
      # - key: GUICHETOI_CLASSIFIER_DIR
      #   value: /app/models/classifier
      # - key: GUICHETOI_EXTRACTOR_DIR
      #   value: /app/models/extractor_v3_backup_v2