# Multi-stage build for SeckelAPI
FROM docker.io/library/rust:1.92-slim-trixie AS builder

WORKDIR /build

# Install build dependencies
RUN apt-get update && \
    apt-get install -y pkg-config libssl-dev && \
    rm -rf /var/lib/apt/lists/*

# Copy source code
COPY sources/ .

# Build release binary
RUN cargo build --release

# Runtime stage - minimal Debian image
FROM docker.io/library/debian:trixie-slim

WORKDIR /app

# Install runtime dependencies
RUN apt-get update && \
    apt-get install -y ca-certificates libssl3 && \
    rm -rf /var/lib/apt/lists/*

# Copy binary and config from builder
COPY --from=builder /build/target/release/seckelapi /app/seckelapi
COPY sources/config/ /app/config/

# Expose API port
EXPOSE 5777

# Run as non-root user
RUN useradd -r -u 1000 seckelapi && \
    chown -R seckelapi:seckelapi /app
USER seckelapi

CMD ["/app/seckelapi"]