# Multi-stage build for tunnel client
FROM maven:3.9.6-eclipse-temurin-21 AS builder

WORKDIR /app

# Copy pom.xml first for better Docker layer caching
COPY pom.xml .
RUN mvn dependency:go-offline -B

# Copy source code and build
COPY src ./src
RUN mvn clean package -DskipTests

# Runtime stage
FROM eclipse-temurin:21-jre-alpine

WORKDIR /app

# Create data directory for H2 database
RUN mkdir -p /app/data

# Create non-root user
RUN addgroup -g 1001 -S tunnel && \
    adduser -S tunnel -u 1001 -G tunnel

# Copy the jar file
COPY --from=builder /app/target/*.jar app.jar

# Change ownership of the app directory
RUN chown -R tunnel:tunnel /app

# Switch to non-root user
USER tunnel

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
  CMD curl -f http://localhost:8765/actuator/health || exit 1

# Expose port
EXPOSE 8765

# Environment variables
ENV SPRING_PROFILES_ACTIVE=docker
ENV JAVA_OPTS="-Xmx512m -Xms256m"

# Run the application
ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -jar app.jar"]