# Build stage
FROM rust:alpine AS builder

WORKDIR /app

# Install build dependencies
RUN apk add --no-cache musl-dev ca-certificates perl make pkgconfig openssl-dev protobuf-dev openssl-libs-static

# Copy Cargo files first for better caching
COPY Cargo.toml Cargo.lock ./

# Fetch dependencies (this layer will be cached if Cargo.toml/Cargo.lock don't change)
RUN cargo fetch --locked

# Copy source code
COPY src ./src
COPY migrations ./migrations
COPY proto ./proto
COPY build.rs ./

# Build the application
# Using --locked to ensure reproducible builds
RUN cargo build --release --locked --target x86_64-unknown-linux-musl

# Runtime stage
FROM alpine:latest

# Install runtime dependencies
RUN apk --no-cache add ca-certificates tzdata && \
    # Add wget for health checks
    apk --no-cache add wget && \
    # Clean up apk cache
    rm -rf /var/cache/apk/*

# Create non-root user for security
RUN addgroup -g 1001 -S app && \
    adduser -S app -u 1001 -G app -h /app -s /bin/sh

# Set working directory
WORKDIR /app

# Copy binary from builder
COPY --from=builder --chown=app:app /app/target/x86_64-unknown-linux-musl/release/chat-server /app/chat-server

# Copy migrations if they exist
COPY --from=builder --chown=app:app /app/migrations ./migrations

# Switch to app user
USER app

# Expose port
EXPOSE 8081

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:8081/health || exit 1

# Run the application
CMD ["./chat-server"] 