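# Stage 1: clone the source and build the frontend
FROM node:20-slim AS builder

RUN apt-get update && \
    apt-get install -y --no-install-recommends git ca-certificates && \
    rm -rf /var/lib/apt/lists/*

# TLS certificate verification is left enabled for the clone below. The
# original set GIT_SSL_NO_VERIFY=1, which makes git accept any certificate and
# lets anyone on the network path substitute the code that gets built and
# shipped. ca-certificates is installed above, so verification against
# github.com needs no workaround. If a build environment sits behind a
# TLS-inspecting proxy, add that proxy's CA to the trust store instead.

# Optional commit or tag to build. Empty keeps the original behaviour (build
# whatever the default branch points to at build time). Passing a reviewed
# commit via --build-arg REPO_REF=<commit> makes the image reproducible.
ARG REPO_REF=""

WORKDIR /build
RUN git clone https://github.com/819557056/gemini-business2api.git . && \
    if [ -n "$REPO_REF" ]; then git checkout --detach "$REPO_REF"; fi

# Build the frontend
# NOTE(review): `npm install` resolves versions at build time; if the repo
# ships a package-lock.json, `npm ci` would install exactly the locked
# dependency set. Confirm against the repository before switching.
WORKDIR /build/frontend
RUN npm install --silent && npm run build

# Stage 2: final runtime image
FROM python:3.11-slim

# Runtime environment
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    TZ=Asia/Shanghai \
    HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH \
    CHROME_PATH=/usr/bin/chromium

# Create the non-root user (uid=1000) that HF Spaces requires
RUN useradd -m -u 1000 user

WORKDIR $HOME/app

# Copy the whole project from the builder stage (including the built static
# assets).
# NOTE(review): this copies all of /build, so the cloned .git directory and,
# presumably, frontend/node_modules end up in the runtime image as well.
# Copying only what the service needs at runtime would shrink the image and
# its attack surface; confirm which paths the application actually reads.
COPY --from=builder /build $HOME/app

# Install system and Python dependencies. gcc is only needed while pip builds
# packages, so it is purged again in the same layer.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        gcc \
        curl \
        tzdata \
        chromium chromium-driver \
        dbus dbus-x11 \
        xvfb xauth \
        libglib2.0-0 libnss3 libnspr4 libatk1.0-0 libatk-bridge2.0-0 \
        libcups2 libdrm2 libxkbcommon0 libxcomposite1 libxdamage1 \
        libxfixes3 libxrandr2 libgbm1 libasound2 libpango-1.0-0 \
        libcairo2 fonts-liberation fonts-noto-cjk && \
    ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime && echo "$TZ" > /etc/timezone && \
    pip install --no-cache-dir -r requirements.txt && \
    apt-get purge -y gcc && \
    apt-get autoremove -y && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Create the data directory and set ownership and permissions.
# NOTE(review): ./data is world-writable (777) although it is already owned by
# `user`, the account the container runs as. 700 would be enough when the
# runtime uid is always 1000; confirm that no deployment runs the container
# under a different uid before tightening it.
RUN mkdir -p ./data && \
    chown -R user:user $HOME/app && \
    chmod -R 755 $HOME/app && \
    chmod 777 ./data && \
    chmod +x entrypoint.sh

# Declare the service port
EXPOSE 7860

# Drop to the non-root user (required by HF Spaces)
USER user

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
    CMD curl -f http://localhost:7860/admin/health || exit 1

# Start the service. On first run (no ./data/.migrated marker) the database
# migration is executed with every prompt answered "yes"; the marker is written
# only if the migration succeeds, so later starts skip it. entrypoint.sh runs
# in either case.
CMD ["sh", "-c", "if [ ! -f ./data/.migrated ]; then yes yes | python scripts/migrate_to_database.py && touch ./data/.migrated; fi; ./entrypoint.sh"]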