FROM crystallang/crystal:1.9.2-alpine AS builder

# Install build dependencies
RUN apk add --no-cache \
    yaml-dev \
    openssl-dev \
    zlib-dev \
    sqlite-dev \
    postgresql-dev \
    bind-tools \
    git \
    curl

# Set build arguments
ARG APP_NAME=dns-manager
ARG BINARY_PATH=src/dns_manager.cr

WORKDIR /app

# Copy shard files
COPY shard.yml shard.lock ./

# Install dependencies
RUN shards install --production

# Copy source code
COPY . .

# Build the binary
RUN crystal build --release --static ${BINARY_PATH} -o ${APP_NAME}

# Runtime stage
FROM alpine:3.19

# Install runtime dependencies
RUN apk add --no-cache \
    ca-certificates \
    tzdata \
    openssl \
    yaml \
    bind-tools \
    bind-libs

WORKDIR /app

# Copy the binary from builder
COPY --from=builder /app/${APP_NAME} .

# Create non-root user and set permissions
RUN adduser -D appuser && \
    chown -R appuser:appuser /app && \
    chmod -R 400 /app && \
    chmod 500 /app/${APP_NAME}

USER appuser

# Set environment variables
ENV PORT=3000
ENV KEMAL_ENV=production

# Expose ports
EXPOSE 3000

ENTRYPOINT ["/app/dns-manager"]