FROM python:3.11-slim-bookworm

ENV DEBIAN_FRONTEND=noninteractive
ENV TZ=Etc/UTC
ENV PORT=7860
ENV HOME=/home/coder
ENV PIP_DISABLE_PIP_VERSION_CHECK=1
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

# 可固定 code-server 版本，提升可重复性
ARG CODE_SERVER_VERSION=4.109.2

# 1) 仅安装核心依赖（减重）
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates curl git bash sudo tini \
    # Java
    openjdk-17-jdk-headless maven \
    # Node
    nodejs npm \
    # C/C++
    build-essential g++ gcc make cmake ninja-build gdb clang clangd \
    # 常用工具
    jq procps unzip \
    && rm -rf /var/lib/apt/lists/*

# 2) 安装 code-server（固定版本）
RUN curl -fsSL "https://github.com/coder/code-server/releases/download/v${CODE_SERVER_VERSION}/code-server_${CODE_SERVER_VERSION}_amd64.deb" -o /tmp/code-server.deb \
    && dpkg -i /tmp/code-server.deb \
    && rm -f /tmp/code-server.deb

# 3) Python 核心依赖（减重版）
RUN pip install --no-cache-dir --upgrade pip setuptools wheel && \
    pip install --no-cache-dir \
    numpy pandas scipy scikit-learn matplotlib seaborn plotly \
    jupyter jupyterlab ipykernel notebook \
    requests httpx aiohttp pyyaml python-dotenv tqdm rich \
    flask fastapi uvicorn[standard] pydantic \
    sqlalchemy alembic psycopg2-binary redis \
    pytest pytest-cov black isort mypy ruff pre-commit

# 4) Codex CLI
RUN npm install -g @openai/codex

# 5) 创建运行用户
RUN useradd -m -u 1000 -s /bin/bash coder \
    && echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers \
    && mkdir -p /home/coder/.config/code-server /home/coder/.codex \
    && chown -R coder:coder /home/coder

# 6) 仅预装必要扩展（减少构建失败概率）
RUN su - coder -c "code-server --install-extension openai.chatgpt || true" && \
    su - coder -c "code-server --install-extension ms-python.python || true" && \
    su - coder -c "code-server --install-extension ms-toolsai.jupyter || true" && \
    su - coder -c "code-server --install-extension llvm-vs-code-extensions.vscode-clangd || true" && \
    su - coder -c "code-server --install-extension redhat.java || true"

COPY --chown=coder:coder start.sh /usr/local/bin/start.sh
RUN chmod +x /usr/local/bin/start.sh

USER coder
WORKDIR /home/coder

EXPOSE 7860
ENTRYPOINT ["/usr/bin/tini", "--"]
CMD ["/usr/local/bin/start.sh"]