nxtgauge-backend-rust/Dockerfile.simple

# Simple fast Dockerfile - no fancy caching, just builds fast
# Uses local cargo cache between builds

ARG SERVICE_NAME

FROM registry.nxtgauge.com/rust:alpine AS builder
ARG SERVICE_NAME

# Install deps
RUN apk add --no-cache musl-dev pkgconfig openssl-dev openssl-libs-static && \
    rustup target add x86_64-unknown-linux-musl

WORKDIR /app

# Copy manifests first for better caching
COPY Cargo.toml Cargo.lock ./
COPY crates/ ./crates/

# Copy all services so we can map hyphenated service names to underscore crate/bin names.
COPY apps/ ./apps/

# Restrict workspace members to the selected service + shared crates.
# This avoids requiring every `apps/*` manifest while preserving workspace deps.
RUN svc=$(echo "${SERVICE_NAME}" | tr '-' '_') && \
    awk -v svc="${svc}" '\
  BEGIN { in_members = 0 } \
  /^members = \[/ { \
    print "members = ["; \
    print "  \"apps/" svc "\","; \
    print "  \"crates/contracts\","; \
    print "  \"crates/db\","; \
    print "  \"crates/auth\","; \
    print "  \"crates/storage\","; \
    print "  \"crates/cache\","; \
    print "  \"crates/email\""; \
    in_members = 1; \
    next; \
  } \
  in_members && /^\]/ { in_members = 0; print "]"; next } \
  in_members { next } \
  { print }' Cargo.toml > Cargo.toml.tmp && mv Cargo.toml.tmp Cargo.toml && \
    echo "${svc}" > /tmp/service_bin

# Build with all optimizations
ENV RUSTFLAGS="-C target-feature=+crt-static -C link-arg=-s"
ENV OPENSSL_STATIC=1
ENV OPENSSL_DIR=/usr
RUN cargo build --release \
    --bin $(cat /tmp/service_bin) \
    --target x86_64-unknown-linux-musl && \
    cp /app/target/x86_64-unknown-linux-musl/release/$(cat /tmp/service_bin) /app/service

# Runtime
FROM scratch

COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /app/service /app/service

USER 65532:65532
EXPOSE 8000

ENTRYPOINT ["/app/service"]