# Dockerfile for benchmark runner
# Uses pure Go build with purego for dynamic libsecp256k1 loading

# Use Debian-based Go image to match runtime stage (avoids musl/glibc linker mismatch)
FROM golang:1.25-bookworm AS builder

# Install build dependencies (no secp256k1 build needed)
RUN apt-get update && apt-get install -y --no-install-recommends git ca-certificates && rm -rf /var/lib/apt/lists/*

# Set working directory
WORKDIR /build

# Copy go modules
COPY go.mod go.sum ./
RUN go mod download

# Copy source code
COPY . .

# Build the benchmark tool with CGO disabled (uses purego for crypto)
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o benchmark ./cmd/benchmark

# Final stage
# Use Debian slim instead of Alpine because Debian's libsecp256k1 includes
# Schnorr signatures (secp256k1_schnorrsig_*) and ECDH which Nostr requires.
# Alpine's libsecp256k1 is built without these modules.
FROM debian:bookworm-slim

# Install runtime dependencies
RUN apt-get update && \
    apt-get install -y --no-install-recommends ca-certificates curl libsecp256k1-1 && \
    rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Copy benchmark binary (libsecp256k1.so.1 is already installed via apt)
COPY --from=builder /build/benchmark /app/benchmark

# Copy benchmark runner script
COPY cmd/benchmark/benchmark-runner.sh /app/benchmark-runner

# Make scripts executable
RUN chmod +x /app/benchmark-runner

# Create runtime user and reports directory owned by uid 1000
RUN useradd -m -u 1000 appuser && \
    mkdir -p /reports && \
    chown -R 1000:1000 /app /reports

# Environment variables
ENV BENCHMARK_EVENTS=50000
ENV BENCHMARK_WORKERS=24
ENV BENCHMARK_DURATION=60s

# Drop privileges: run as uid 1000
USER 1000:1000

# Run the benchmark runner
CMD ["/app/benchmark-runner"]