# ── UI Builder stage ───────────────────────────────────────────
FROM node:20-slim AS ui-builder
WORKDIR /app
COPY control-plane-ui/package*.json ./
RUN npm install
COPY control-plane-ui/ .
RUN npx vite build

# ── Builder stage ──────────────────────────────────────────────
FROM rust:bookworm AS builder
WORKDIR /app
COPY . .
ENV CARGO_PROFILE_RELEASE_LTO=false
ENV CARGO_PROFILE_RELEASE_CODEGEN_UNITS=16
RUN cargo build --release --workspace

# ── Runtime base (shared) ─────────────────────────────────────
FROM debian:bookworm-slim AS runtime-base
RUN apt-get update && apt-get install -y \
    ca-certificates \
    libssl3 \
    curl \
    && rm -rf /var/lib/apt/lists/*
RUN useradd -r -s /bin/false madbase
WORKDIR /app

# ── Proxy / Gateway ──────────────────────────────────────────
FROM runtime-base AS proxy-runtime
COPY --from=builder /app/target/release/gateway .
COPY --from=ui-builder /app/dist ./web
USER madbase
EXPOSE 8000
HEALTHCHECK --interval=10s --timeout=3s --retries=3 \
  CMD curl -f http://localhost:8000/ || exit 1
CMD ["./gateway"]

# ── Worker ────────────────────────────────────────────────────
FROM runtime-base AS worker-runtime
COPY --from=builder /app/target/release/worker .
USER madbase
EXPOSE 8002
HEALTHCHECK --interval=10s --timeout=3s --retries=3 \
  CMD curl -f http://localhost:8002/health || exit 1
CMD ["./worker"]

# ── Control Plane ─────────────────────────────────────────────
FROM runtime-base AS control-runtime
COPY --from=builder /app/target/release/control .
COPY --from=ui-builder /app/dist ./web
USER madbase
EXPOSE 8001
HEALTHCHECK --interval=10s --timeout=3s --retries=3 \
  CMD curl -f http://localhost:8001/ || exit 1
CMD ["./control"]

# ── Caddy Edge Proxy (stock image for local dev) ────────────────
FROM caddy:2.7-alpine AS proxy-runtime-caddy
EXPOSE 80 443
CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]