# Multi-stage build to reduce final image size and handle permissions properly
FROM rust:1.90-alpine AS builder

# Install build dependencies
RUN apk add --no-cache \
    musl-dev \
    pkgconfig \
    openssl-dev \
    openssl-libs-static

# Set working directory
WORKDIR /app

# Copy manifest files first
COPY Cargo.toml Cargo.lock ./

# Create src directory structure
RUN mkdir -p src

# Copy the actual source files (including api_server.rs)
COPY src ./src

# Build the application
RUN cargo build --release --bin api_server

# Final runtime stage
FROM alpine:3.20

# Install runtime dependencies
RUN apk add --no-cache \
    ca-certificates \
    openssl-libs-static

# Create app user
RUN addgroup -g 1001 -S appgroup && \
    adduser -S appuser -u 1001 -G appgroup

# Set working directory
WORKDIR /app

# Copy the binary from builder stage
COPY --from=builder /app/target/release/api_server .

# Change ownership to app user
RUN chown -R appuser:appgroup /app

# Switch to non-root user
USER appuser

# Expose the default port
EXPOSE 7860

# Set environment variables
ENV RUST_LOG=info
ENV API_HOST=0.0.0.0
ENV API_PORT=7860

# Run the application directly from binary
CMD ["./api_server", "--no-proxy"]