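# ARQERA blockage detector
#
# Single-stage image built on python:3.12-slim. This file does NOT copy the
# `twin` binary: there is no second stage and no COPY of twin below, so the
# image as built here ships without it. twin has to be supplied by a derived
# image or a runtime bind mount (see the note above the application COPY).
# When twin is unavailable (e.g. CI smoke) run the detector with EMIT_ACTS=0;
# the default set below is EMIT_ACTS=1.

# The 3.12-slim tag is mutable: a rebuild can silently pick up a different
# base. For release builds pin the digest as well, e.g.
#   FROM python:3.12-slim@sha256:<digest-of-the-reviewed-base> AS runtime
FROM python:3.12-slim AS runtime

WORKDIR /app

# Runtime defaults; every value can be overridden with `docker run -e`.
#   PYTHONDONTWRITEBYTECODE=1  no .pyc files are written (/app is root-owned
#                              and the process runs unprivileged, so it could
#                              not write them anyway)
#   PYTHONUNBUFFERED=1         stdout/stderr are not buffered, so logs reach
#                              the container runtime immediately
#   METRICS_PORT               port probed by the HEALTHCHECK below; keep the
#                              EXPOSE line in sync when changing the default
# The remaining variables are read by the detector code, which is not part of
# this file. Do not add credentials or tokens here: ENV values are stored in
# the image config and are visible to anyone who can pull the image.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    METRICS_PORT=9092 \
    POLL_INTERVAL_SECONDS=30 \
    EMIT_ACTS=1 \
    TWIN_CLI=twin \
    TWIN_USE_KEYCHAIN=0 \
    LOG_LEVEL=INFO

# Install minimal runtime deps. The manifest is copied on its own so this
# layer stays cached until requirements.txt changes.
# NOTE(review): requirements.txt is not visible here. If it does not pin exact
# versions, every rebuild can resolve to different packages; pinning with
# hashes and installing with `pip install --require-hashes` closes that gap.
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Optional: the twin binary. The canonical image expects a twin CLI at /usr/local/bin/twin.
# If the binary is absent, the detector will fail to emit acts but still run.
# Builders can COPY it in via a multi-stage or bind-mount at runtime.
# Whichever route is used, take twin from a source you control (a registry
# image pinned by digest, or a read-only bind mount): the detector executes it.

# Application modules are copied as root and left root-owned, so the
# unprivileged runtime user can read but not modify the code it runs.
COPY clients.py rules.py state.py substrate.py detector.py ./

# Documentation only; must match the METRICS_PORT default above.
EXPOSE 9092

# Shell form is deliberate: ${METRICS_PORT} is expanded by /bin/sh inside the
# container at probe time, so a runtime override of METRICS_PORT is honoured.
# urlopen raises on connection failure or an HTTP error status, which makes
# python exit non-zero and marks the probe as failed.
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
  CMD python -c "import urllib.request as u, sys; \
r = u.urlopen('http://localhost:${METRICS_PORT}/metrics', timeout=3); \
sys.exit(0 if r.status == 200 else 1)"

# Run unprivileged. 65534:65534 is nobody:nogroup on the Debian base; the
# numeric form lets a Kubernetes `runAsNonRoot` policy verify the user, which
# it cannot do for a user given by name.
USER 65534:65534

ENTRYPOINT ["python", "/app/detector.py"]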
