# Base image: Astral's uv image; per its tag, Python 3.11 on Debian bookworm-slim.
# NOTE(review): the tag is mutable, so a rebuild can silently pick up different
# base contents. For an image that gets published, pin the base by digest:
#   ghcr.io/astral-sh/uv:python3.11-bookworm-slim@sha256:<digest-placeholder>
FROM ghcr.io/astral-sh/uv:python3.11-bookworm-slim

# The virtualenv and the application package both live under /app.
WORKDIR /app

# UV_LINK_MODE=copy      uv copies package files into the venv instead of linking
#                        them from its cache.
# UV_COMPILE_BYTECODE=1  uv compiles installed packages to bytecode at install time.
# VIRTUAL_ENV            location of the venv; reused by the RUN step below. PATH is
#                        not changed, so CMD calls the venv interpreter by full path.
# PYTHONUNBUFFERED=1     stdout/stderr are unbuffered, so log lines appear immediately.
# PYTHONPATH=/app        makes the faro package copied to /app/faro importable.
# None of these carries a credential; keep it that way (see the runtime variables
# documented above CMD).
ENV UV_LINK_MODE=copy \
    UV_COMPILE_BYTECODE=1 \
    VIRTUAL_ENV=/app/.venv \
    PYTHONUNBUFFERED=1 \
    PYTHONPATH=/app

# Create the venv and install the runtime deps into it, all from the package
# index (wire is published). --no-cache keeps uv's download cache out of the layer.
# NOTE(review): these are version ranges, not pins, so two builds of the same
# Dockerfile can resolve different releases, and no artifact hashes are checked.
# For a reproducible, auditable image, consider a compiled requirements file with
# hashes (`uv pip compile --generate-hashes`) installed with
# `uv pip install --require-hashes -r <requirements-file>`.
RUN uv venv "$VIRTUAL_ENV" && \
    uv pip install --python "$VIRTUAL_ENV/bin/python" --no-cache \
        "dollarsmore-wire>=0.1.0" "requests>=2.34.2,<3" "redis>=5.3.1,<6"

# faro is self-contained: it imports only faro + wire + requests/redis, so the
# image carries no proprietary strategy code and is safe to publish.
# NOTE(review): COPY takes everything under faro/ in the build context, so the
# "safe to publish" claim also depends on that directory (and the .dockerignore,
# not visible here) keeping out .env files, tokens, and local caches — confirm
# before pushing to a public registry.
COPY faro/ ./faro/

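# Container healthcheck (read by Docker and RouterOS 7.23+). The service writes
# /app/health/heartbeat each loop iteration; the probe passes when the file was
# modified within the last 2 minutes (consumer loop alive) and contains a line
# starting with "healthy" (the grep is not limited to the first line). The
# health/ dir is created at runtime by the writer, so it is not a persisted
# output dir.
# `|| exit 1` folds every failure into exit status 1: grep exits 2 when the file
# is missing or unreadable, and Docker reserves status 2 for healthchecks.
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
    CMD find /app/health/heartbeat -mmin -2 | grep -q . \
        && grep -q '^healthy' /app/health/heartbeat \
        || exit 1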

# Account + Redis URL are read from TASTYTRADE_ACCOUNT / REDIS_URL; the OAuth
# session reads TASTYTRADE_CLIENT_SECRET / TASTYTRADE_REFRESH_TOKEN. None of
# these is set in this file: supply them at run time (environment or the
# orchestrator's secret store) and never add them here as ENV/ARG, because image
# config and history are readable by anyone who can pull the image.
# Cert by default; pass --prod for production. There is no ENTRYPOINT, so
# arguments given to `docker run` replace this CMD entirely: give the full
# command (`/app/.venv/bin/python -m faro --prod`) rather than appending `--prod`.
# NOTE(review): no USER is set, so the service runs as root inside the
# container. Consider a dedicated unprivileged user; it would need write access
# to /app/health (heartbeat file) and to any mounted output dirs.
CMD ["/app/.venv/bin/python", "-m", "faro"]
