# Build stage
FROM rust:1.75 as builder

WORKDIR /app

# Copy manifests
COPY Cargo.toml Cargo.lock ./
COPY build.rs ./

# Copy source code
COPY src ./src

# Build release binary
RUN cargo build --release

# Runtime stage
FROM debian:bookworm-slim

# Install runtime dependencies
RUN apt-get update && apt-get install -y \
    ca-certificates \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user
RUN useradd -m -u 1000 provisioning

# Copy binary from builder
COPY --from=builder /app/target/release/provisioning-server /usr/local/bin/

# Create directories
RUN mkdir -p /etc/provisioning-server /var/log/provisioning-server && \
    chown -R provisioning:provisioning /etc/provisioning-server /var/log/provisioning-server

# Switch to non-root user
USER provisioning

# Expose port
EXPOSE 8083

# Set environment variables
ENV RUST_LOG=info
ENV SERVER_HOST=0.0.0.0
ENV SERVER_PORT=8083

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8083/health || exit 1

# Run the binary
CMD ["provisioning-server"]