# syntax=docker/dockerfile:1.6

FROM python:3.11-slim AS runtime

ENV PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1 \
    ANSIBLE_FORCE_COLOR=1

RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        openssh-client \
        sshpass \
        git \
        curl \
        ca-certificates \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /opt/ansible-ui

RUN useradd --create-home --shell /bin/bash appuser \
    && mkdir -p \
        /opt/ansible-ui/app \
        /opt/ansible/playbooks \
        /opt/ansible/inventories \
        /opt/ansible/ssh-keys \
        /var/lib/ansible_ui \
        /var/log/ansible_ui \
    && chown -R appuser:appuser \
        /opt/ansible-ui \
        /opt/ansible/playbooks \
        /opt/ansible/inventories \
        /opt/ansible/ssh-keys \
        /var/lib/ansible_ui \
        /var/log/ansible_ui

RUN pip install --no-cache-dir \
        ansible \
        fastapi \
        uvicorn[standard] \
        jinja2 \
        python-multipart \
        aiofiles

COPY app /opt/ansible-ui/app

USER appuser

ENV DATA_ROOT=/opt/ansible-ui \
    PLAYBOOK_DIR=/opt/ansible/playbooks \
    INVENTORY_DIR=/opt/ansible/inventories \
    SSH_KEY_DIR=/opt/ansible/ssh-keys \
    DB_PATH=/var/lib/ansible_ui/ansible_ui.db \
    LOG_DIR=/var/log/ansible_ui \
    HTPASSWD_PATH=/opt/ansible-ui/.htpasswd

VOLUME ["/opt/ansible/playbooks", "/opt/ansible/inventories", "/opt/ansible/ssh-keys", "/var/lib/ansible_ui", "/var/log/ansible_ui"]

EXPOSE 8000

CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]