# Production Dockerfile for BACKBEAT services
# Multi-stage build with optimized production images

# Build stage
FROM golang:1.22-alpine AS builder

# Install build dependencies
RUN apk add --no-cache git ca-certificates tzdata

# Set working directory
WORKDIR /app

# Copy go mod files
COPY go.mod go.sum ./

# Download dependencies
RUN go mod download

# Copy source code
COPY . .

# Build all services with optimizations
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
    -a -installsuffix cgo \
    -ldflags='-w -s -extldflags "-static"' \
    -o pulse ./cmd/pulse

RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
    -a -installsuffix cgo \
    -ldflags='-w -s -extldflags "-static"' \
    -o reverb ./cmd/reverb

RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
    -a -installsuffix cgo \
    -ldflags='-w -s -extldflags "-static"' \
    -o agent-sim ./cmd/agent-sim

# Pulse service image
FROM alpine:3.18 AS pulse

# Install runtime dependencies
RUN apk --no-cache add ca-certificates tzdata wget && \
    update-ca-certificates

# Create non-root user
RUN addgroup -g 1001 backbeat && \
    adduser -D -s /bin/sh -u 1001 -G backbeat backbeat

# Set working directory
WORKDIR /app

# Copy pulse and agent-sim binaries from builder
COPY --from=builder /app/pulse .
COPY --from=builder /app/agent-sim .
RUN chmod +x ./pulse ./agent-sim

# Create data directory
RUN mkdir -p /data && chown -R backbeat:backbeat /data /app

# Switch to non-root user
USER backbeat

# Expose ports (8080 for HTTP API, 9000 for Raft)
EXPOSE 8080 9000

# Health check endpoint
HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/healthz || exit 1

# Default command with production settings
ENTRYPOINT ["./pulse"]
CMD ["-cluster", "chorus-production", \
     "-admin-port", "8080", \
     "-raft-bind", "0.0.0.0:9000", \
     "-data-dir", "/data", \
     "-log-level", "info"]

# Reverb service image  
FROM alpine:3.18 AS reverb

# Install runtime dependencies
RUN apk --no-cache add ca-certificates tzdata wget && \
    update-ca-certificates

# Create non-root user
RUN addgroup -g 1001 backbeat && \
    adduser -D -s /bin/sh -u 1001 -G backbeat backbeat

# Set working directory
WORKDIR /app

# Copy reverb binary from builder
COPY --from=builder /app/reverb .
RUN chmod +x ./reverb

# Switch to non-root user
USER backbeat

# Expose port (8080 for HTTP API)
EXPOSE 8080

# Health check endpoint
HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/healthz || exit 1

# Default command with production settings
ENTRYPOINT ["./reverb"]
CMD ["-cluster", "chorus-production", \
     "-nats", "nats://nats:4222", \
     "-bar-length", "120", \
     "-log-level", "info"]