FROM rust:1.91-slim-bookworm AS builder
WORKDIR /usr/src/app

# 官方 Rust 镜像中 CARGO_HOME = /usr/local/cargo
RUN echo '[source.crates-io]' > $CARGO_HOME/config.toml \
    && echo 'replace-with = "rsproxy-sparse"' >> $CARGO_HOME/config.toml \
    && echo '[source.rsproxy]' >> $CARGO_HOME/config.toml \
    && echo 'registry = "https://rsproxy.cn/crates.io-index"' >> $CARGO_HOME/config.toml \
    && echo '[source.rsproxy-sparse]' >> $CARGO_HOME/config.toml \
    && echo 'registry = "sparse+https://rsproxy.cn/index/"' >> $CARGO_HOME/config.toml \
    && echo '[registries.rsproxy]' >> $CARGO_HOME/config.toml \
    && echo 'index = "https://rsproxy.cn/crates.io-index"' >> $CARGO_HOME/config.toml

# 验证一下文件是否真的存在（构建时会在 log 打印出来，让你放心）
RUN cat $CARGO_HOME/config.toml

RUN apt-get update \
  && apt-get install -y --no-install-recommends ca-certificates pkg-config libssl-dev git openssh-client \
  && rm -rf /var/lib/apt/lists/*

COPY Cargo.toml Cargo.lock ./
COPY .cargo ./.cargo
RUN mkdir -p src && echo "fn main() {}" > src/main.rs
RUN cargo build --release --locked

COPY src ./src
COPY docs ./docs
RUN touch src/main.rs
RUN cargo build --release --locked

FROM debian:bookworm-slim AS runner
WORKDIR /app

RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list.d/debian.sources \
    && sed -i 's/security.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list.d/debian.sources

RUN apt-get update \
  && apt-get install -y --no-install-recommends ca-certificates libssl3 \
  && rm -rf /var/lib/apt/lists/*

RUN groupadd --system --gid 10001 iam \
  && useradd --system --uid 10001 --gid 10001 --no-create-home --shell /usr/sbin/nologin iam \
  && mkdir -p /app/log /app/data \
  && chown -R iam:iam /app/log

ENV PORT=5020
EXPOSE 5020

COPY --from=builder /usr/src/app/target/release/iam-service /app/iam-service
USER iam
CMD ["/app/iam-service"]