FROM node:20-bookworm

ENV DEBIAN_FRONTEND=noninteractive \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PUID=1000 \
    PGID=1000 \
    CODEX_HOME=/home/codex

RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
        python3 \
        python3-venv \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Install the official Codex CLI so the container can invoke `codex prompt`.
# The CLI expects credentials/configuration from the mounted ~/.codex directory.
RUN npm install --location=global @openai/codex

RUN groupmod --new-name codex node \
    && usermod --login codex --home /home/codex --move-home node \
    && chown -R codex:codex /home/codex

WORKDIR /app

COPY watch_and_customize.py entrypoint.sh JobDescriptionNormalizerPrompt.md ./

RUN chmod +x /app/watch_and_customize.py /app/entrypoint.sh

USER codex

ENTRYPOINT ["/app/entrypoint.sh"]