# Tier-1 companion image — multi-stage.
#
# Per `_docs/02_document/deployment/containerization.md` § Component Dockerfiles.
# Concrete deps land with the consuming component tasks; bootstrap (AZ-263)
# ships the multi-stage skeleton + healthcheck wiring.

# Stage 1: system deps -------------------------------------------------------
FROM ubuntu:22.04 AS system-deps
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        build-essential \
        cmake \
        git \
        libpq-dev \
        python3.10 \
        python3.10-venv \
        python3-pip \
    && rm -rf /var/lib/apt/lists/*

# Stage 2: python deps -------------------------------------------------------
FROM system-deps AS python-deps
WORKDIR /opt/gps-denied
COPY pyproject.toml ./
COPY src ./src
RUN python3 -m venv /opt/venv \
    && /opt/venv/bin/pip install --upgrade pip \
    && /opt/venv/bin/pip install --no-cache-dir -e ".[dev]"
ENV PATH="/opt/venv/bin:${PATH}"

# Stage 3: native build ------------------------------------------------------
FROM python-deps AS cpp-build
WORKDIR /opt/gps-denied
COPY . .
RUN cmake -S . -B build -DBUILD_TESTING=OFF \
    && cmake --build build --parallel

# Stage 4: runtime -----------------------------------------------------------
FROM ubuntu:22.04 AS runtime
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        python3.10 \
        libpq5 \
    && rm -rf /var/lib/apt/lists/*
COPY --from=python-deps /opt/venv /opt/venv
COPY --from=cpp-build /opt/gps-denied/build /opt/gps-denied/build
COPY --from=cpp-build /opt/gps-denied/src /opt/gps-denied/src
ENV PATH="/opt/venv/bin:${PATH}"
ENV PYTHONPATH="/opt/gps-denied/src"
WORKDIR /opt/gps-denied

HEALTHCHECK --interval=10s --timeout=3s --start-period=15s --retries=3 \
    CMD python3 -m gps_denied_onboard.healthcheck || exit 1

ENTRYPOINT ["python3", "-m", "gps_denied_onboard.runtime_root"]