# 构建阶段
FROM rust:1.94.1-alpine3.23 AS builder

# 安装构建依赖
RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static pkgconfig

# 创建工作目录
WORKDIR /app

# 先复制 Cargo 文件以利用依赖缓存
COPY services/user-service/Cargo.toml services/user-service/Cargo.lock* ./

# 创建虚拟 main.rs 来缓存依赖
RUN mkdir -p src && echo 'fn main() {}' > src/main.rs
RUN cargo build --release 2>/dev/null || true
RUN rm -rf src

# 复制真实源代码
COPY services/user-service/src ./src

# 构建（使用 touch 确保重新编译）
RUN touch src/main.rs && cargo build --release

# 运行阶段
FROM alpine:3.23 AS runtime

# 安装运行依赖
RUN apk add --no-cache ca-certificates tzdata

# 创建非 root 用户
RUN addgroup -g 1000 appuser && adduser -D -u 1000 -G appuser appuser

WORKDIR /app

# 从构建阶段复制二进制文件
COPY --from=builder /app/target/release/user-service /app/user-service

# 设置权限
RUN chown -R appuser:appuser /app

USER appuser

# 健康检查
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1

EXPOSE 8080

CMD ["./user-service"]