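# Rules Engine Dockerfile
# Event-driven automation rules processor with MQTT and Redis

# NOTE(review): the tag is mutable; for reproducible, verifiable builds pin it
# by digest as well, e.g. python:3.14-alpine@sha256:<digest-placeholder>.
FROM python:3.14-alpine

# Prevent Python from writing .pyc files and enable unbuffered output.
# The remaining values are defaults baked into the image and visible to anyone
# who can inspect it, so keep them non-secret and override per deployment.
# - MQTT_PORT=1883 is the conventional unencrypted MQTT port and nothing here
#   configures TLS or broker credentials; supply those at runtime (never via
#   ENV/ARG in this file) if the application supports them (TODO confirm).
# - REDIS_HOST=localhost resolves to the container itself; presumably this is
#   overridden at deploy time or relies on a shared network namespace.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    RULES_CONFIG=config/rules.yaml \
    MQTT_BROKER=172.16.2.16 \
    MQTT_PORT=1883 \
    REDIS_HOST=localhost \
    REDIS_PORT=6379 \
    REDIS_DB=8 \
    LOG_LEVEL=INFO

# Create non-root user with a fixed numeric UID/GID so the runtime can verify
# that the container does not run as root.
RUN addgroup -g 10001 -S app && \
    adduser -u 10001 -S app -G app

# Set working directory
WORKDIR /app

# Install system dependencies.
# NOTE(review): gcc, musl-dev and linux-headers are presumably needed only to
# compile wheels during `pip install`, yet they remain in the runtime image.
# A compiler in a production image is avoidable attack surface; consider a
# multi-stage build, or an `apk add --virtual` group deleted in the same RUN as
# the pip install, after confirming no dependency needs libgcc at runtime.
RUN apk add --no-cache \
        gcc \
        musl-dev \
        linux-headers

# Install Python dependencies (copied on their own so this layer stays cached
# until requirements.txt changes).
# NOTE(review): requirements.txt is not visible here; pin exact versions and
# consider pip's --require-hashes so a tampered package fails the build.
COPY apps/rules/requirements.txt /app/requirements.txt
RUN pip install --no-cache-dir -r requirements.txt

# Copy application code
COPY apps/__init__.py /app/apps/
COPY apps/rules/ /app/apps/rules/
COPY packages/ /app/packages/
COPY config/ /app/config/

# Change ownership to non-root user.
# NOTE(review): this makes the code and config tree writable by the runtime
# user, so a compromised process could modify its own code. If the engine never
# writes under /app, leaving the tree root-owned and read-only is the tighter
# default (it also avoids the extra layer this recursive chown creates).
RUN chown -R app:app /app

# Switch to non-root user
USER app

# Expose no ports (MQTT/Redis client only)

# Health check: verify that the rules engine process exists.
# Exec form plus the "[a]pps" bracket pattern keeps the probe from matching its
# own command line. In shell form Docker runs the check through /bin/sh -c, and
# that wrapper's command line itself contains "apps.rules.main", so `pgrep -f`
# would match the wrapper and report healthy even with the engine gone.
# pgrep exits 1 when nothing matches, which Docker treats as unhealthy.
# This only proves the process is present, not that it is connected to the
# broker or Redis.
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD ["pgrep", "-f", "[a]pps.rules.main"]

# Run the rules engine (exec form, so Python is PID 1 and receives SIGTERM)
CMD ["python", "-m", "apps.rules.main"]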