FROM debian:bookworm-slim

# Install runtime dependencies
RUN apt-get update && apt-get install -y     ca-certificates     curl     && rm -rf /var/lib/apt/lists/*

# Create user
RUN useradd -m -u 1000 provisioning &&     mkdir -p /data /var/log/orchestrator &&     chown -R provisioning:provisioning /data /var/log/orchestrator

# Copy pre-built binary
COPY target/release/provisioning-orchestrator /usr/local/bin/provisioning-orchestrator
RUN chmod +x /usr/local/bin/provisioning-orchestrator

USER provisioning
WORKDIR /app

EXPOSE 8080

CMD ["/usr/local/bin/provisioning-orchestrator"]