# Simple fast Dockerfile - no fancy caching, just builds fast
# Uses local cargo cache between builds

ARG SERVICE_NAME

FROM rust:alpine AS builder
ARG SERVICE_NAME

# Install deps
RUN apk add --no-cache musl-dev pkgconfig openssl-dev openssl-libs-static && \
    rustup target add x86_64-unknown-linux-musl

WORKDIR /app

# Copy manifests first for better caching
COPY Cargo.toml Cargo.lock ./
COPY crates/ ./crates/

# Copy only the target service source (fast path for matrix builds).
COPY apps/${SERVICE_NAME}/ ./apps/${SERVICE_NAME}/

# Restrict workspace members to the selected service + shared crates.
# This avoids requiring every `apps/*` manifest while preserving workspace deps.
RUN awk -v svc="${SERVICE_NAME}" '\
  BEGIN { in_members = 0 } \
  /^members = \[/ { \
    print "members = ["; \
    print "  \"apps/" svc "\","; \
    print "  \"crates/contracts\","; \
    print "  \"crates/db\","; \
    print "  \"crates/auth\","; \
    print "  \"crates/storage\","; \
    print "  \"crates/cache\","; \
    print "  \"crates/email\""; \
    in_members = 1; \
    next; \
  } \
  in_members && /^\]/ { in_members = 0; print "]"; next } \
  in_members { next } \
  { print }' Cargo.toml > Cargo.toml.tmp && mv Cargo.toml.tmp Cargo.toml

# Build with all optimizations
ENV RUSTFLAGS="-C target-feature=+crt-static -C link-arg=-s"
ENV OPENSSL_STATIC=1
ENV OPENSSL_DIR=/usr
RUN cargo build --release \
    --bin ${SERVICE_NAME} \
    --target x86_64-unknown-linux-musl

# Runtime
FROM scratch
ARG SERVICE_NAME

COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/${SERVICE_NAME} /app/service

USER 65532:65532
EXPOSE 8000

ENTRYPOINT ["/app/service"]