FROM rust:1.93-alpine AS chef
RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static
RUN cargo install cargo-chef
WORKDIR /app

FROM chef AS planner
COPY Cargo.toml Cargo.lock* ./
COPY src ./src
RUN cargo chef prepare --recipe-path recipe.json

FROM node:24-alpine AS frontend-builder
WORKDIR /app/admin-ui
# 单独复制依赖文件，利用层缓存：只有依赖变化时才重新安装
COPY admin-ui/package.json admin-ui/bun.lock* ./
RUN npm install -g pnpm && pnpm install --no-frozen-lockfile
COPY admin-ui ./
RUN pnpm build

FROM chef AS builder

# 可选：启用敏感日志输出（仅用于排障）
ARG ENABLE_SENSITIVE_LOGS=false

# 可按需在构建时覆盖：docker compose build --build-arg CARGO_BUILD_JOBS=48
ARG CARGO_BUILD_JOBS=8
ENV CARGO_BUILD_JOBS=${CARGO_BUILD_JOBS}

COPY --from=planner /app/recipe.json recipe.json
RUN if [ "$ENABLE_SENSITIVE_LOGS" = "true" ]; then \
        cargo chef cook --profile docker-release --features sensitive-logs --recipe-path recipe.json; \
    else \
        cargo chef cook --profile docker-release --recipe-path recipe.json; \
    fi

COPY Cargo.toml Cargo.lock* ./
COPY src ./src
COPY --from=frontend-builder /app/admin-ui/dist /app/admin-ui/dist

RUN if [ "$ENABLE_SENSITIVE_LOGS" = "true" ]; then \
        cargo build --profile docker-release --features sensitive-logs; \
    else \
        cargo build --profile docker-release; \
    fi

FROM alpine:3.21

RUN apk add --no-cache ca-certificates

WORKDIR /app
# docker-release profile 产物路径为 target/docker-release/
COPY --from=builder /app/target/docker-release/kiro-rs /app/kiro-rs

VOLUME ["/app/config"]

EXPOSE 8990

CMD ["./kiro-rs", "-c", "/app/config/config.json", "--credentials", "/app/config/credentials.json"]