# Synor Blockchain Node Dockerfile
# Multi-stage build for minimal production image

# =============================================================================
# Stage 1: Build Environment
# =============================================================================
FROM rust:1.85-bookworm AS builder

# Install build dependencies
RUN apt-get update && apt-get install -y \
    cmake \
    clang \
    libclang-dev \
    pkg-config \
    libssl-dev \
    && rm -rf /var/lib/apt/lists/*

# Create app directory
WORKDIR /app

# Copy manifests first (for better caching)
COPY Cargo.toml Cargo.lock ./
COPY src/ src/
COPY crates/ crates/
COPY apps/ apps/

# Build release binary (using -p for package, synord includes the bin)
RUN cargo build --release -p synord

# =============================================================================
# Stage 2: Runtime Environment
# =============================================================================
FROM debian:bookworm-slim AS runtime

# Install runtime dependencies
RUN apt-get update && apt-get install -y \
    ca-certificates \
    libssl3 \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user for security
RUN useradd --create-home --shell /bin/bash synor

# Create data directories
RUN mkdir -p /data/synor && chown -R synor:synor /data

# Copy binary from builder
COPY --from=builder /app/target/release/synord /usr/local/bin/synord

# Copy entrypoint script
COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
RUN chmod +x /usr/local/bin/docker-entrypoint.sh

# Switch to non-root user
USER synor

# Set working directory
WORKDIR /home/synor

# Expose ports
# P2P network
EXPOSE 17511
# HTTP RPC
EXPOSE 17110
# WebSocket RPC
EXPOSE 17111

# Data volume
VOLUME ["/data/synor"]

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD synord --version || exit 1

# Default command - use entrypoint script which handles init
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["run"]