Dockerfile.index

FROM public.ecr.aws/lambda/python:3.12

LABEL org.opencontainers.image.source=https://github.com/CDCgov/dibbs-text-to-code
LABEL org.opencontainers.image.licenses=Apache-2.0

# Set the environment variable to prod by default
ARG ENVIRONMENT=prod
ENV ENVIRONMENT=${ENVIRONMENT}

# Initialize the index_lambda directory
RUN mkdir -p "${LAMBDA_TASK_ROOT}/src/index_lambda"

# Update OS packages for CVE fixes and drop the Runtime Interface Emulator
# (only used for local Lambda emulation). All pip dependencies install from
# prebuilt wheels, so no compiler toolchain is needed — keeping gcc-c++ out
# of the image also keeps its build-time deps (kernel-headers, rust-toolset)
# off the runtime layer, which is where the HIGH-severity CVEs come from.
# --releasever=latest is required: AL2023 base images pin to a snapshot release.
RUN microdnf update -y --releasever=latest \
    && microdnf clean all \
    && rm -f /usr/local/bin/aws-lambda-rie

# Copy over just the pyproject.toml file and install the dependencies doing this
# before copying the rest of the code allows for caching of the dependencies
COPY ./packages/shared-models ${LAMBDA_TASK_ROOT}/shared-models
RUN pip install --no-cache-dir "${LAMBDA_TASK_ROOT}/shared-models"

COPY ./packages/utils ${LAMBDA_TASK_ROOT}/utils
RUN pip install --no-cache-dir "${LAMBDA_TASK_ROOT}/utils"

COPY ./packages/lambda-handler ${LAMBDA_TASK_ROOT}/lambda-handler
RUN pip install --no-cache-dir "${LAMBDA_TASK_ROOT}/lambda-handler"

COPY ./packages/index-lambda ${LAMBDA_TASK_ROOT}/index-lambda
RUN pip install --no-cache-dir "${LAMBDA_TASK_ROOT}/index-lambda" \
    && pip install --no-cache-dir --upgrade "urllib3>=2.7.0"

# Copy over the rest of the code
COPY ./packages/index-lambda/src ${LAMBDA_TASK_ROOT}/src
COPY README.md ${LAMBDA_TASK_ROOT}/README.md

ENV PYTHONPATH="${LAMBDA_TASK_ROOT}/src/index_lambda"

CMD [ "index_lambda.lambda_function.handler" ]