# syntax=docker/dockerfile:1.7
# Build context: provisioning/ (pass --local context=. from provisioning/ root)
# Dockerfile path (buildctl): platform/crates/ops-keeper/Dockerfile
# Runs natively on ARM64 ephemeral runner (CAX/CCX) — no cross-compilation.
# aws_lc_rs (jsonwebtoken dep) requires cmake + perl for the C build.

# ---- Build stage: compiles the ops-keeper release binaries ----
# NOTE(review): `rust:bookworm` is a floating tag, so the toolchain and base
# layers can change between builds. Pin an explicit Rust version tag and/or an
# image digest for reproducible, auditable builds.
FROM rust:bookworm AS builder

# Native build prerequisites, one per line and sorted for easy diffing.
# cmake and perl are needed by the aws_lc_rs C build (see the file header).
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        cmake \
        libssl-dev \
        perl \
        pkg-config \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /workspace

# The crate-specific workspace manifest becomes the workspace root Cargo.toml;
# the crate sources are placed under crates/ops-keeper/.
# NOTE(review): no Cargo.lock is copied to the workspace root here, so
# dependency versions appear to be resolved at build time. Confirm; if a
# lockfile exists, copy it in and build with `--locked`.
COPY platform/crates/ops-keeper/Cargo.workspace.toml Cargo.toml
COPY platform/crates/ops-keeper/ crates/ops-keeper/

# The cargo registry, git checkouts and target/ are BuildKit cache mounts, so
# they are not part of the image layer. The binaries are therefore copied out
# to / inside the same RUN, before the target/ mount is detached.
RUN --mount=type=cache,target=/root/.cargo/registry,sharing=locked \
    --mount=type=cache,target=/root/.cargo/git,sharing=locked \
    --mount=type=cache,target=/workspace/target,sharing=locked \
    cargo build --release --package ops-keeper \
    && cp target/release/keeper-daemon /keeper-daemon \
    && cp target/release/keeper-cli /keeper-cli

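# ---- Runtime stage: slim Debian image carrying only the two release binaries ----
# NOTE(review): `bookworm-slim` is a moving tag; pin by digest if the
# deployment needs byte-for-byte reproducible images.
FROM debian:bookworm-slim AS runtime

# ca-certificates provides the system CA trust store (presumably for outbound
# TLS verification by the daemon; confirm against the daemon's configuration).
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
    && rm -rf /var/lib/apt/lists/*

# The binaries stay root-owned, so the unprivileged runtime user below can
# execute them but cannot modify them.
COPY --from=builder /keeper-daemon /keeper-daemon
COPY --from=builder /keeper-cli /keeper-cli

# Run as an unprivileged user instead of the image default (root), so that a
# compromised daemon does not hold root inside the container. A numeric
# UID:GID (arbitrary, stable value) needs no passwd entry and lets orchestrators
# verify non-root execution.
# NOTE(review): if keeper-daemon needs to write to mounted paths or perform
# privileged operations, grant those specifically at deploy time (volume
# ownership, individual capabilities) rather than reverting to root.
USER 10001:10001

ENTRYPOINT ["/keeper-daemon"]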
