# Use rust image as base
FROM rust:1.92-slim-bookworm as builder

# Install build dependencies and security updates
RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y --no-install-recommends \
    pkg-config \
    libssl-dev \
    && rm -rf /var/apt/lists/*

# Create app directory
WORKDIR /app

COPY Cargo.toml Cargo.lock ./

# Create dummy main.rs to build and cache dependencies
RUN mkdir src && \
    echo "fn main() {println!(\"Dummy program\")}" > src/main.rs && \
    cargo build --release && \
    rm -rf src

# Copy source code
COPY src ./src

# Build the application
RUN touch src/main.rs && \
    cargo build --release && \
    strip target/release/tpp

# RUNTIME STAGE
FROM debian:bookworm-slim as runtime

RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y --no-install-recommends \
    ca-certificates \
    libssl3 \
    && rm -rf /var/apt/lists/*

# Create non-root user
RUN useradd -m -u 1001 -U appuser

# Set working directory
WORKDIR /app

# Copy binary from builder
COPY --chown=appuser:appuser --from=builder /app/target/release/tpp /app/app

# Switch to non-root user
USER appuser

# Expose port
EXPOSE 3000

# Add healthcheck
HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
    CMD ["/app/app", "--health-check"] || exit 1

# Run the application
CMD ["/app/app"]