# vim: filetype=dockerfile
# Our entire toolchain runs in alpine
FROM alpine:latest AS builder

ENV PATH "$PATH:/app/.cargo/bin"
# Needed for proper compiling of openssl-dev
ENV RUSTFLAGS "-C target-feature=-crt-static"

# Add the build user
# Install dependencies
RUN addgroup -S builder && \
    adduser -S builder -G builder -h /app && \
    apk update && \
    apk add --no-cache \
        curl \
        gcc \
        libgcc \
        musl-dev \
        openssl-dev \
        postgresql-dev

# Switch to the non-root user
USER builder

WORKDIR /app

# Install rustup in the new user's home
# Create mountpoints for volumes with correct permissions
RUN { curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain nightly; } && \
    rustup target add x86_64-unknown-linux-musl --toolchain nightly && \
    mkdir -p .cargo/registry target

# Copy source code over to builder
COPY --chown=builder:builder Cargo.toml Cargo.lock ./
COPY --chown=builder:builder src/ ./src/
COPY --chown=builder:builder migrations/ ./migrations/