FROM python:3.11-slim-bookworm

ENV DEBIAN_FRONTEND=noninteractive
ENV TZ=Etc/UTC
ENV PORT=7860
ENV HOME=/home/coder
ENV PIP_DISABLE_PIP_VERSION_CHECK=1
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

ARG CODE_SERVER_VERSION=4.109.2

RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates curl git bash sudo tini jq procps unzip \
    # C/C++ 基础工具链 + 头文件
    build-essential gcc g++ make cmake ninja-build gdb clang clangd \
    libc6-dev linux-libc-dev pkg-config \
    # Java + Node
    openjdk-17-jdk-headless maven \
    nodejs npm \
    && rm -rf /var/lib/apt/lists/*

# 安装 code-server（固定版本）
RUN curl -fsSL "https://github.com/coder/code-server/releases/download/v${CODE_SERVER_VERSION}/code-server_${CODE_SERVER_VERSION}_amd64.deb" -o /tmp/code-server.deb \
    && dpkg -i /tmp/code-server.deb \
    && rm -f /tmp/code-server.deb

# Python 核心依赖（精简）
RUN pip install --no-cache-dir --upgrade pip setuptools wheel && \
    pip install --no-cache-dir \
    numpy pandas scipy scikit-learn matplotlib \
    jupyterlab ipykernel notebook \
    requests httpx aiohttp pyyaml python-dotenv tqdm rich \
    fastapi uvicorn[standard] pydantic flask \
    sqlalchemy alembic psycopg2-binary redis \
    pytest black isort ruff mypy

# Codex CLI
RUN npm install -g @openai/codex && npm cache clean --force

# 创建用户
RUN useradd -m -u 1000 -s /bin/bash coder \
    && echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers \
    && mkdir -p /home/coder/.config/code-server /home/coder/.codex \
    && chown -R coder:coder /home/coder

# 快速验证 C 编译环境（构建期）
RUN printf '#include <stdio.h>\nint main(){puts("ok");return 0;}\n' > /tmp/t.c \
    && gcc /tmp/t.c -o /tmp/t \
    && /tmp/t | grep -q ok \
    && rm -f /tmp/t.c /tmp/t

COPY --chown=coder:coder start.sh /usr/local/bin/start.sh
RUN chmod +x /usr/local/bin/start.sh

USER coder
WORKDIR /home/coder

EXPOSE 7860
ENTRYPOINT ["/usr/bin/tini", "--"]
CMD ["/usr/local/bin/start.sh"]