# Multi-service optimized Dockerfile with layer caching
# Usage: docker build --build-arg SERVICE_NAME=gateway -t nxtgauge-gateway .

# Stage 1: Base builder with dependencies cached
FROM rust:alpine AS chef
RUN apk add --no-cache musl-dev pkgconfig openssl-dev && \
    rustup target add x86_64-unknown-linux-musl && \
    cargo install cargo-chef
WORKDIR /app

# Stage 2: Planner - analyzes dependencies
FROM chef AS planner
COPY Cargo.toml Cargo.lock ./
COPY crates/ ./crates/
COPY apps/ ./apps/
RUN cargo chef prepare --recipe-path recipe.json

# Stage 3: Builder - compiles dependencies separately (cached layer!)
FROM chef AS builder
ARG SERVICE_NAME

# Copy dependency recipe
COPY --from=planner /app/recipe.json recipe.json

# Build dependencies (cached if recipe.json unchanged)
RUN cargo chef cook --release --target x86_64-unknown-linux-musl --recipe-path recipe.json

# Copy source and build specific service
COPY Cargo.toml Cargo.lock ./
COPY crates/ ./crates/
COPY apps/ ./apps/

ENV RUSTFLAGS='-C target-feature=+crt-static'
RUN cargo build --release --bin ${SERVICE_NAME} --target x86_64-unknown-linux-musl

# Stage 4: Runtime - minimal distroless image
FROM gcr.io/distroless/static:nonroot
ARG SERVICE_NAME

# Copy only the binary
COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/${SERVICE_NAME} /app/service

# Use nonroot user (65532:65532 in distroless)
USER nonroot:nonroot

EXPOSE 8000

ENTRYPOINT ["/app/service"]