# Multi-stage build for Provisioning RAG Service
# Stage 1: Builder
FROM rust:1.80.1 as builder

WORKDIR /app

# Install dependencies
RUN apt-get update && apt-get install -y \
    pkg-config \
    libssl-dev \
    && rm -rf /var/lib/apt/lists/*

# Copy workspace and source
COPY Cargo.toml Cargo.lock ./
COPY provisioning/platform/rag ./rag
COPY provisioning/platform/rag/src ./src
COPY provisioning/platform/rag/benches ./benches

# Build the orchestrator binary in release mode
RUN cd rag && cargo build --release \
    && cp target/release/provisioning-rag /app/provisioning-rag

# Stage 2: Runtime
FROM debian:bookworm-slim

WORKDIR /app

# Install runtime dependencies
RUN apt-get update && apt-get install -y \
    ca-certificates \
    curl \
    openssl \
    && rm -rf /var/lib/apt/lists/*

# Copy binary from builder
COPY --from=builder /app/provisioning-rag /app/

# Create non-root user for security
RUN useradd -m -u 1000 provisioning && \
    chown -R provisioning:provisioning /app

USER provisioning

# Environment variables
ENV PROVISIONING_LOG_LEVEL=info
ENV PROVISIONING_API_HOST=0.0.0.0
ENV PROVISIONING_API_PORT=9090
ENV PROVISIONING_CACHE_SIZE=1000
ENV PROVISIONING_CACHE_TTL_SECS=3600

# Expose API port
EXPOSE 9090

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:9090/health || exit 1

# Start the service
CMD ["/app/provisioning-rag"]