# Use the official Debian 12 (Bookworm) base image
FROM debian:12

# Set environment variables to avoid interactive prompts during package installation
ENV DEBIAN_FRONTEND=noninteractive

# Install system-level dependencies as root
RUN apt-get update && \
    apt-get install -y \
        build-essential \
        curl \
        git \
        cmake \
        clang \
        pkg-config \
        ccache \
        wget \
        vim \
        expect

# Create a non-root user and set up their environment
RUN useradd -m user && \
    mkdir -p /home/user/code && \
    chown -R user:user /home/user

# Switch to the non-root user
USER user
WORKDIR /home/user

RUN mkdir -p /home/user/code/models && \
    mkdir -p /home/user/code/app/wwwroot && \
    cd /home/user/code/models && \
    wget -q https://huggingface.co/Mungert/Phi-4-mini-instruct.gguf/resolve/main/phi-4-mini-q4_0.gguf


# Clone and build OpenBLAS as the non-root user
RUN git clone https://github.com/OpenMathLib/OpenBLAS.git /home/user/code/models/OpenBLAS && \
    cd /home/user/code/models/OpenBLAS && \
    make -j2 > build.log 2>&1 || (tail -20 build.log && false)

# Switch to root for the OpenBLAS installation
USER root
RUN cd /home/user/code/models/OpenBLAS && \
    make install > install.log 2>&1 || (tail -20 install.log && false) && \
    cp /opt/OpenBLAS/lib/libopenblas* /usr/local/lib/

# Switch back to the non-root user
USER user

# Clone and build llama.cpp with OpenBLAS support as the non-root user
RUN git clone https://github.com/ggerganov/llama.cpp /home/user/code/models/llama.cpp && \
    cd /home/user/code/models/llama.cpp && \
    git checkout b5912 && \
    export PKG_CONFIG_PATH=/opt/OpenBLAS/lib/pkgconfig:$PKG_CONFIG_PATHa && \
    cmake -B build -DGGML_BLAS=ON -DGGML_BLAS_VENDOR=OpenBLAS -DBLAS_INCLUDE_DIRS=/home/user/code/models/OpenBLAS -DLLAMA_CURL=OFF && \
    cmake --build build --config Release -j2 && \
    cp /home/user/code/models/llama.cpp/build/bin/* /home/user/code/models/llama.cpp/



# Install .NET 9.0 as the non-root user
RUN wget https://dot.net/v1/dotnet-install.sh -O dotnet-install.sh && \
    chmod +x dotnet-install.sh && \
    ./dotnet-install.sh --channel 9.0

# Set persistent environment variables
ENV DOTNET_ROOT=/home/user/.dotnet
ENV PATH=$PATH:$DOTNET_ROOT:$DOTNET_ROOT/tools

# Verify .NET installation and current user
RUN whoami && dotnet --version

# Clone repositories using the GITHUB_TOKEN secret
RUN --mount=type=secret,id=GITHUB_TOKEN,mode=0444,required=true \
    git clone https://$(cat /run/secrets/GITHUB_TOKEN)@github.com/Mungert69/NetworkMonitorLib.git /home/user/code/NetworkMonitorLib && \
    git clone https://$(cat /run/secrets/GITHUB_TOKEN)@github.com/Mungert69/NetworkMonitorLLM.git /home/user/code/NetworkMonitorLLM && \
    git clone https://$(cat /run/secrets/GITHUB_TOKEN)@github.com/Mungert69/NetworkMonitorData.git /home/user/code/NetworkMonitorData


# Copy files into the container as the non-root user
COPY --chown=user:user system_prompt_phi_4_mini /home/user/code/models/system_prompt_phi_4_mini
COPY --chown=user:user system_prompt_phi_4_mini_run /home/user/code/models/system_prompt_phi_4_mini_run
COPY --chown=user:user appsettings.json /home/user/code/app/appsettings.json
COPY --chown=user:user index.html /home/user/code/app/wwwroot/index.html
COPY --chown=user:user append_run.sh /home/user/code/models/append_run.sh
COPY --chown=user:user expect-build-phi-4-mini /home/user/code/models/expect-build-phi-4-mini

# Set permissions for scripts as the non-root user
RUN chmod +x /home/user/code/models/append_run.sh && \
    chmod +x /home/user/code/models/expect-build-phi-4-mini 

# Set the working directory for the build-phi-4-mini script
WORKDIR /home/user/code/models

# Run the build-phi-4-mini script
RUN ./expect-build-phi-4-mini

# Expose port 7860 for Hugging Face Spaces
EXPOSE 7860
# Set the working directory
WORKDIR /home/user/code/NetworkMonitorLLM

# Build the .NET project as the non-root user
RUN dotnet restore && \
    dotnet build -c Release

RUN cp -r /home/user/code/NetworkMonitorLLM/bin/Release/net9.0/* /home/user/code/app/ && \
    rm -rf /home/user/code/NetworkMonitorLib /home/user/code/NetworkMonitorLLM /home/user/code/NetworkMonitorData

# Set the working directory to the `app` directory
WORKDIR /home/user/code/app

# Run the .NET app as the non-root user
CMD ["dotnet", "NetworkMonitorLLM.dll", "--urls", "http://0.0.0.0:7860"]