# syntax=docker/dockerfile:1.7
# Multi-stage build: cmake/clang on debian:bookworm -> debian:stable-slim runtime.

FROM debian:bookworm AS builder
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        cmake \
        clang \
        git \
        ca-certificates \
        pkg-config \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /src
COPY . /src
RUN cmake -S . -B build \
        -DCMAKE_BUILD_TYPE=Release \
        -DCMAKE_C_COMPILER=clang \
        -DCMAKE_CXX_COMPILER=clang++ \
    && cmake --build build --parallel "$(nproc)" \
    && cmake --install build --prefix /opt/cxwebapp

# ----- runtime ---------------------------------------------------------------
FROM debian:stable-slim AS runtime
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        libstdc++6 \
        curl \
    && rm -rf /var/lib/apt/lists/* \
    && useradd --system --uid 10001 --home /opt/cxwebapp --shell /usr/sbin/nologin cxwebapp

COPY --from=builder /opt/cxwebapp /opt/cxwebapp
WORKDIR /opt/cxwebapp/bin

ENV PORT=8080
EXPOSE 8080
USER cxwebapp

HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
    CMD curl -fsS "http://127.0.0.1:${PORT}/api/health" || exit 1

ENTRYPOINT ["/opt/cxwebapp/bin/CxWebApp"]
