# syntax=docker/dockerfile:1.7

FROM ghcr.io/astral-sh/uv:python3.12-bookworm-slim

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    AUTHZ_HOST=0.0.0.0 \
    AUTHZ_PORT=19090 \
    AUTHZ_DATA_DIR=/var/lib/authz-service/data

WORKDIR /opt/authz-service

COPY src/pyproject.toml src/uv.lock ./
RUN mkdir -p app && touch app/__init__.py && \
    uv pip install --system --no-cache .

COPY src/app ./app
RUN uv pip install --system --no-cache .

COPY runtime/seed-data /opt/authz-service/seed-data
COPY docker-entrypoint.sh /opt/authz-service/docker-entrypoint.sh

RUN chmod +x /opt/authz-service/docker-entrypoint.sh && \
    mkdir -p /var/lib/authz-service/data

EXPOSE 19090

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=5 CMD python -c "import json, urllib.request; payload = json.loads(urllib.request.urlopen('http://127.0.0.1:19090/healthz', timeout=3).read().decode('utf-8')); assert payload.get('status') == 'ok'"

ENTRYPOINT ["/opt/authz-service/docker-entrypoint.sh"]