# syntax=docker/dockerfile:1.7
# Build context: provisioning/ (pass --local context=. from provisioning/ root)
# Dockerfile path (buildctl): platform/crates/buildkit-launcher/Dockerfile
# Target architecture: aarch64 (CAX/CCX Woodpecker agents are ARM64)
# Cache: --export-cache / --import-cache against zot /cache/buildkit-launcher

FROM rust:bookworm AS builder

RUN apt-get update && apt-get install -y --no-install-recommends \
    pkg-config libssl-dev ca-certificates \
    && rm -rf /var/lib/apt/lists/*

RUN rustup target add aarch64-unknown-linux-gnu

WORKDIR /workspace

# Cargo.workspace.toml is a self-contained workspace manifest: it omits all
# path deps that point outside this build context (ontoref, stratumiops, etc.).
# It must define every key that the crate's Cargo.toml inherits via .workspace = true.
COPY platform/crates/buildkit-launcher/Cargo.workspace.toml Cargo.toml
COPY platform/crates/buildkit-launcher/ crates/buildkit-launcher/

RUN --mount=type=cache,target=/root/.cargo/registry,sharing=locked \
    --mount=type=cache,target=/root/.cargo/git,sharing=locked \
    --mount=type=cache,target=/workspace/target,sharing=locked \
    cargo build --release --target aarch64-unknown-linux-gnu \
      --package buildkit-launcher && \
    cp target/aarch64-unknown-linux-gnu/release/buildkit-launcher /buildkit-launcher-bin

FROM debian:bookworm-slim

RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates openssh-client \
    && rm -rf /var/lib/apt/lists/*

COPY --from=builder /buildkit-launcher-bin /buildkit-launcher

ENTRYPOINT ["/buildkit-launcher"]
