# Stage 1: Builder
FROM rust:1.80-slim AS builder

WORKDIR /app

# Install build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends pkg-config libssl-dev git && rm -rf /var/lib/apt/lists/*

COPY Cargo.toml Cargo.lock ./
COPY src/ ./src/

# Compile the Rust release binary
RUN cargo build --release

# Stage 2: Runtime
FROM debian:bookworm-slim AS runtime

# Install CA certificates for secure TLS communication
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/*

# Create a non-root user
RUN useradd --create-home --shell /bin/bash appuser
USER appuser

WORKDIR /home/appuser/app

# Copy the compiled binary from the builder stage
COPY --from=builder /app/target/release/urn-authority /usr/local/bin/urn-authority

# Copy the ledger index configuration required by the Rust code at runtime
COPY --from=builder /app/src/coreason_urn_authority/ledger/index.yaml ./src/coreason_urn_authority/ledger/index.yaml

ENTRYPOINT ["urn-authority"]
