# Build stage
FROM rust:alpine AS builder

WORKDIR /usr/src/app

# Install build dependencies and musl target
RUN apk add --no-cache musl-dev pkgconfig openssl-dev && \
    rustup target add x86_64-unknown-linux-musl

# Copy manifests
COPY Cargo.toml Cargo.lock ./
COPY crates ./crates
COPY apps ./apps

# Build static binary with musl target
ENV RUSTFLAGS='-C target-feature=+crt-static'
RUN cargo build --release --bin ${BIN_NAME} --target x86_64-unknown-linux-musl

# Runtime stage - minimal Alpine
FROM alpine:latest AS runtime

# Install CA certificates only
RUN apk add --no-cache ca-certificates

# Create app user
RUN adduser -D -u 1000 appuser

WORKDIR /app

# Copy static binary from builder
COPY --from=builder /usr/src/app/target/x86_64-unknown-linux-musl/release/${BIN_NAME} ./${BIN_NAME}

# Switch to non-root user
USER appuser

# Run the binary
CMD ["./${BIN_NAME}"]