FROM rocker/verse:4.5.2

# System dependencies for arrow, lightgbm, and ggplot2 (ragg/textshaping)
# Quarto is pre-installed in rocker/verse
RUN apt-get update && apt-get install -y --no-install-recommends \
    cmake \
    libcurl4-openssl-dev \
    libssl-dev \
    libxml2-dev \
    libglpk-dev \
    libfontconfig1-dev \
    libfreetype6-dev \
    libharfbuzz-dev \
    libfribidi-dev \
    libpng-dev \
    libjpeg-dev \
    libtiff-dev \
    libzstd-dev \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Copy renv infrastructure first so package restore is a cached layer.
# Changes to source code below will not invalidate this layer.
COPY renv.lock .Rprofile ./
COPY renv/activate.R renv/settings.json renv/

RUN Rscript -e "renv::restore(prompt = FALSE)"

# Copy the full package source
COPY . .

# Install the local package into the renv library, then re-run restore so
# any package that renv skipped by finding it in the rocker system library
# (e.g. styler) ends up in the project library where renv can actually see it.
RUN Rscript -e "renv::install('.')" && \
    Rscript -e "renv::restore(prompt = FALSE)"

# Non-secret default — override with --env at runtime if needed
ENV BAF_BUCKET=lake

# Secrets and endpoint are injected at runtime — never baked into the image:
#   docker run \
#     --env BAF_ENDPOINT=172.19.0.1:9100 \
#     --env BAF_KEY=... \
#     --env BAF_SECRET=... \
#     bankfraud
CMD ["Rscript", "deploy.R"]
