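# Dockerfile for next.orly.dev relay
#
# Two stages:
#   builder - installs the Go toolchain, builds libsecp256k1 v0.6.0 from source
#             and compiles the relay with cgo enabled.
#   final   - ubuntu:22.04 runtime image that runs /app/relay as uid 1000.

FROM ubuntu:22.04 AS builder

# Go toolchain version to download from go.dev.
ARG GOLANG_VERSION=1.22.5
# Optional SHA-256 of the Go tarball, as published next to the download on
# go.dev/dl. Empty keeps the previous behaviour (download is not verified);
# pass it with --build-arg to make the build fail on a mismatching archive.
ARG GOLANG_SHA256=""

# Install all build dependencies in one layer with apt-get (apt's CLI is not
# meant for scripts) and drop the package lists in the same layer.
RUN apt-get update && \
    apt-get install -y \
        autoconf \
        build-essential \
        ca-certificates \
        git \
        libtool \
        wget && \
    rm -rf /var/lib/apt/lists/*

# Download the Go binary distribution, verify it when a checksum was supplied,
# and unpack it to /usr/local/go.
RUN wget -O /tmp/go.tar.gz "https://go.dev/dl/go${GOLANG_VERSION}.linux-amd64.tar.gz" && \
    if [ -n "${GOLANG_SHA256}" ]; then \
        echo "${GOLANG_SHA256}  /tmp/go.tar.gz" | sha256sum -c -; \
    else \
        echo "WARNING: GOLANG_SHA256 not set; Go tarball integrity not verified" >&2; \
    fi && \
    rm -rf /usr/local/go && \
    tar -C /usr/local -xzf /tmp/go.tar.gz && \
    rm /tmp/go.tar.gz

# Set PATH environment variable
ENV PATH="/usr/local/go/bin:${PATH}"

# Verify installation
RUN go version

# Fetch libsecp256k1 at the v0.6.0 tag.
# NOTE(review): v0.6.0 is a tag name, which the upstream repository could
# re-point; for a reproducible build, pin the matching commit ID and check it
# after the clone.
RUN git clone --branch v0.6.0 --depth 1 \
        https://github.com/bitcoin-core/secp256k1.git /tmp/secp256k1

# Build and install libsecp256k1 with the schnorrsig and ECDH modules into /usr.
WORKDIR /tmp/secp256k1
RUN git submodule update --init && \
    ./autogen.sh && \
    ./configure --enable-module-schnorrsig --enable-module-ecdh --prefix=/usr && \
    make -j1 && \
    make install

# Set working directory
WORKDIR /build

# Copy go modules first so the download layer is reused until they change
COPY go.mod go.sum ./
RUN go mod download

# Copy source code
# NOTE(review): this copies the whole build context; keep a .dockerignore that
# excludes .git, local .env files and key material so they never enter a layer.
COPY . .

# Build the relay (libsecp256k1 installed via make install to /usr/lib).
# -gcflags "all=-N -l" turns off optimisations and inlining for every package,
# i.e. this is a debugger-friendly build, not an optimised one.
RUN CGO_ENABLED=1 GOOS=linux go build -gcflags "all=-N -l" -o relay .

# Create non-root user (uid 1000) for runtime in builder stage (used by analyzer)
RUN useradd -u 1000 -m -s /bin/bash appuser && \
    chown -R 1000:1000 /build

# Switch to uid 1000 for any subsequent runtime use of this stage
USER 1000:1000

# Final stage
FROM ubuntu:22.04

# Install runtime dependencies (curl is needed by the HEALTHCHECK below).
# NOTE(review): the relay is compiled in the builder stage against the
# libsecp256k1 v0.6.0 built there, but at runtime it gets the distribution's
# libsecp256k1-0 package, exposed under the .so.5 name through the symlink.
# Nothing here guarantees that the two versions are ABI-compatible; since this
# library does the signature work, confirm the match or copy the library built
# in the builder stage instead of aliasing the packaged one.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        libsecp256k1-0 \
        libsecp256k1-dev && \
    rm -rf /var/lib/apt/lists/* && \
    ln -sf /usr/lib/x86_64-linux-gnu/libsecp256k1.so.0 /usr/lib/x86_64-linux-gnu/libsecp256k1.so.5

WORKDIR /app

# Copy binary from builder
COPY --from=builder /build/relay /app/relay

# Create runtime user and writable directories.
# NOTE(review): /app, which holds the executable, is also handed to uid 1000,
# so the running process can replace its own binary. If the relay only writes
# to /data and /profiles, leave /app owned by root.
RUN useradd -u 1000 -m -s /bin/bash appuser && \
    mkdir -p /data /profiles /app && \
    chown -R 1000:1000 /data /profiles /app

# Expose port
EXPOSE 8080

# Set environment variables
# NOTE(review): ORLY_LOG_LEVEL=off means the default image produces no relay
# logs; a deployment that needs an audit trail or incident data has to
# override it.
ENV ORLY_DATA_DIR=/data \
    ORLY_LISTEN=0.0.0.0 \
    ORLY_PORT=8080 \
    ORLY_LOG_LEVEL=off

# Aggressive cache settings to match Badger's cost metric
# Badger tracks ~52MB cost per key, need massive cache for good hit ratio
# Block cache: 16GB to hold ~300 keys in cache
# Index cache: 4GB for index lookups
# Together these request 20 GiB of cache; size the container memory limit
# accordingly.
ENV ORLY_DB_BLOCK_CACHE_MB=16384 \
    ORLY_DB_INDEX_CACHE_MB=4096

# Health check. Shell form, so ORLY_PORT is expanded at run time and the probe
# follows a port overridden with `docker run -e ORLY_PORT=...`.
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
    CMD curl -fsS "http://localhost:${ORLY_PORT}/" || exit 1

# Drop privileges: run as uid 1000
USER 1000:1000

# Run the relay
CMD ["/app/relay"]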