# GuruRMM Server Dockerfile
# Multi-stage build for minimal image size

# ============================================
# Build Stage
# ============================================
FROM rust:1.85-alpine AS builder

# Install build dependencies
RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static pkgconfig

# Create app directory
WORKDIR /app

# Copy manifests first for better caching
COPY Cargo.toml Cargo.lock* ./

# Create dummy src to build dependencies
RUN mkdir src && echo "fn main() {}" > src/main.rs

# Pin home crate to version compatible with Rust 1.85 (0.5.12 requires Rust 1.88)
RUN cargo update home --precise 0.5.9

# Build dependencies only (this layer will be cached)
RUN cargo build --release && rm -rf src target/release/deps/gururmm*

# Copy actual source code
COPY src ./src
COPY migrations ./migrations

# Build the actual application
RUN cargo build --release

# ============================================
# Runtime Stage
# ============================================
FROM alpine:3.19

# Install runtime dependencies
RUN apk add --no-cache ca-certificates libgcc

# Create non-root user
RUN addgroup -g 1000 gururmm && \
    adduser -u 1000 -G gururmm -s /bin/sh -D gururmm

# Create app directory
WORKDIR /app

# Copy binary from builder
COPY --from=builder /app/target/release/gururmm-server /app/gururmm-server

# Copy migrations (for runtime migrations)
COPY --from=builder /app/migrations /app/migrations

# Set ownership
RUN chown -R gururmm:gururmm /app

# Switch to non-root user
USER gururmm

# Expose port
EXPOSE 3001

# Health check (use 127.0.0.1 instead of localhost to avoid IPv6 issues)
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:3001/health || exit 1

# Run the server
CMD ["/app/gururmm-server"]