FROM python:3.11-alpine

# Enforcement to ensure passwords environment variables are not left blank.
# This won't stop bad passwords from being used, but at least won't cause
# errors or, worse, weaker crypt.
ARG POSTGRES_PASSWORD
ENV ENV_POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
RUN [ ! -z "${ENV_POSTGRES_PASSWORD}" ] || { echo "CrowdTLS-server build error: Set POSTGRES_PASSWORD in .env."; exit 1; }

# Copy project into Docker image, skipping entries in .dockerignore.
WORKDIR /crowdtls
COPY . .

# Install ghostforge from the work directory.
RUN pip install .

# Expose the web "serve" port specific in the environment variables.
ARG CROWDTLS_INTERNAL_WEB_PORT
ENV ENV_CROWDTLS_INTERNAL_WEB_PORT=${CROWDTLS_INTERNAL_WEB_PORT}
EXPOSE ${ENV_CROWDTLS_INTERNAL_WEB_PORT}

ENV PYTHONPATH=/ghostforge

# TODO: Replace with ghostforge_serve when it works.
# This currently just keeps the container running for development.
CMD ["sh", "-c", "uvicorn crowdtls.cli:app --host 0.0.0.0 --port $CROWDTLS_INTERNAL_WEB_PORT"]