# ----------  1. 基础镜像 ----------
FROM node:20

# ----------  2. 系统级依赖 ----------
RUN apt-get update && apt-get install -y git curl && rm -rf /var/lib/apt/lists/*

# ----------  3. 创建非 root 用户 ----------
RUN groupadd -r -g 1001 opencode && \
    useradd -r -g opencode -u 1001 opencode && \
    mkdir -p /home/opencode && \
    chown opencode:opencode /home/opencode

# ----------  5. 全局安装 opencode-ai ----------
#    安装完先验证二进制是否存在，若不存在就手动解压
RUN npm install -g opencode-ai@latest && \
    if [ ! -f /usr/local/lib/node_modules/opencode-ai/node_modules/opencode-linux-x64/bin/opencode ]; then \
        cd /usr/local/lib/node_modules/opencode-ai && \
        npm run postinstall; \
    fi

# ---------- 6. 工作目录 ----------
WORKDIR /app
COPY --chown=opencode:opencode package*.json ./
COPY --chown=opencode:opencode . /app
RUN if [ -f package.json ]; then npm ci --only=production; fi

# ---------- 7. 修正权限 ----------
RUN chown -R opencode:opencode /app /home/opencode

# ---------- 8. 启动脚本 ----------
USER opencode
RUN mkdir -p /home/opencode/.local/bin
RUN printf '#!/bin/sh\n\
echo "Starting OpenCode AI Web Server ..."\n\
exec /usr/local/bin/opencode serve --hostname 0.0.0.0 --port 7860\n' > /home/opencode/.local/bin/start.sh && \
    chmod +x /home/opencode/.local/bin/start.sh

# ---------- 9. 端口与健康检查 ----------
EXPOSE 7860
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:7860/health || exit 1

CMD ["/home/opencode/.local/bin/start.sh"]