FROM public.ecr.aws/gravitational/tbot-distroless:17 AS tbot-bin

FROM public.ecr.aws/docker/library/python:3.12-slim AS base

WORKDIR /app

# Install tbot (for kubeconfig exec plugin), tsh, and kubectl
COPY --from=tbot-bin /usr/local/bin/tbot /usr/local/bin/tbot
RUN apt-get update && apt-get install -y --no-install-recommends curl \
    && curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" \
    && chmod +x kubectl && mv kubectl /usr/local/bin/ \
    && curl -fsSL -o /tmp/teleport.tar.gz "https://cdn.teleport.dev/teleport-v18.6.6-linux-amd64-bin.tar.gz" \
    && tar xzf /tmp/teleport.tar.gz -C /tmp \
    && mv /tmp/teleport/tsh /usr/local/bin/tsh \
    && rm -rf /tmp/teleport /tmp/teleport.tar.gz \
    && apt-get remove -y curl && apt-get autoremove -y && rm -rf /var/lib/apt/lists/*

# Install cube-common first (local dependency)
COPY packages/cube-common/ /tmp/cube-common/
RUN pip install --no-cache-dir /tmp/cube-common/ && rm -rf /tmp/cube-common/

# Install cube-cloud
COPY packages/cube-cloud/ /tmp/cube-cloud/
RUN pip install --no-cache-dir /tmp/cube-cloud/ && rm -rf /tmp/cube-cloud/

EXPOSE 8000

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD python -c "import httpx; httpx.get('http://localhost:8000/health').raise_for_status()"

CMD ["cube-cloud"]
