# Debian Forge (OSBuild Core) Container
# Optimized for build performance with worker pool and resource limits

FROM debian:trixie-slim

# Install system dependencies for osbuild
RUN apt-get update && apt-get install -y \
    python3 \
    python3-pip \
    python3-setuptools \
    python3-wheel \
    ca-certificates \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Install osbuild from the local source
COPY . /tmp/osbuild
RUN cd /tmp/osbuild && \
    python3 -m pip install --no-cache-dir -e . && \
    rm -rf /tmp/osbuild

# Create non-root user for security
RUN useradd -r -s /bin/bash -u 1000 osbuild

# Set up osbuild directories
RUN mkdir -p /var/lib/osbuild /var/cache/osbuild /var/log/osbuild && \
    chown -R osbuild:osbuild /var/lib/osbuild /var/cache/osbuild /var/log/osbuild

# Set working directory
WORKDIR /var/lib/osbuild

# Switch to non-root user
USER osbuild

# Expose osbuild worker port (if applicable)
EXPOSE 8700

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD python3 -c "import osbuild; print('OSBuild available')" || exit 1

# Default command - osbuild worker
CMD ["python3", "-m", "osbuild", "worker", "--config", "/etc/osbuild/osbuild-worker.toml"]

# Labels for container management
LABEL org.opencontainers.image.title="Debian Forge (OSBuild Core)"
LABEL org.opencontainers.image.description="Debian Forge OSBuild - Image building engine"
LABEL org.opencontainers.image.vendor="Debian Forge Team"
LABEL org.opencontainers.image.source="https://git.raines.xyz/particle-os/debian-forge"