# Synor Blockchain Node Dockerfile
# Multi-stage build for minimal production image

# =============================================================================
# Stage 1: Build Environment
# =============================================================================
FROM rust:1.85-bookworm AS builder

# Install build dependencies
RUN apt-get update && apt-get install -y \
    cmake \
    clang \
    libclang-dev \
    pkg-config \
    libssl-dev \
    && rm -rf /var/lib/apt/lists/*

# Create app directory
WORKDIR /app

# Copy manifests first (for better caching)
COPY Cargo.toml Cargo.lock ./
COPY crates/ crates/
COPY apps/ apps/
COPY contracts/ contracts/
COPY sdk/ sdk/

# Build release binary
RUN cargo build --release --bin synord

# =============================================================================
# Stage 2: Runtime Environment
# =============================================================================
FROM debian:bookworm-slim AS runtime

# Install runtime dependencies
RUN apt-get update && apt-get install -y \
    ca-certificates \
    libssl3 \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user for security
RUN useradd --create-home --shell /bin/bash synor

# Create data directories
RUN mkdir -p /data/synor && chown -R synor:synor /data

# Copy binary from builder
COPY --from=builder /app/target/release/synord /usr/local/bin/synord

# Switch to non-root user
USER synor

# Set working directory
WORKDIR /home/synor

# Expose ports
# P2P network
EXPOSE 17511
# HTTP RPC
EXPOSE 17110
# WebSocket RPC
EXPOSE 17111

# Data volume
VOLUME ["/data/synor"]

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD synord --version || exit 1

# Default command
ENTRYPOINT ["synord"]
CMD ["--data-dir", "/data/synor", "--network", "testnet"]