# Build stage
FROM rust:1-bookworm AS builder
WORKDIR /app
# Copy manifests and source
COPY Cargo.toml Cargo.lock* ./
COPY config.yaml config.yaml
COPY table_id_map.yaml table_id_map.yaml
COPY openapi.yaml openapi.yaml
COPY openapi-wss.yaml openapi-wss.yaml
COPY config ./config
COPY src ./src
COPY sql ./sql
COPY benches ./benches
# Build release binary (benches are present so Cargo can parse the manifest)
RUN cargo build --release
# Runtime stage: Debian slim with PostgreSQL client tools pre-installed (no 403 download)
FROM debian:bookworm-slim AS runtime
# Install PostgreSQL client tools (PGDG) so pg_dump major matches modern servers.
# We pin to postgresql-client-17 to avoid Debian's default lagging behind.
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends ca-certificates curl gnupg; \
mkdir -p /etc/apt/keyrings; \
curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/keyrings/postgresql.gpg; \
echo "deb [signed-by=/etc/apt/keyrings/postgresql.gpg] http://apt.postgresql.org/pub/repos/apt bookworm-pgdg main" > /etc/apt/sources.list.d/pgdg.list; \
apt-get update; \
apt-get install -y --no-install-recommends postgresql-client-17 postgresql-common; \
apt-get purge -y --auto-remove gnupg; \
rm -rf /var/lib/apt/lists/*
# pg_dump/pg_restore are in /usr/bin; tell Athena to use them (avoids any network download)
ENV ATHENA_PG_DUMP_PATH=/usr/bin/pg_dump
ENV ATHENA_PG_RESTORE_PATH=/usr/bin/pg_restore
ENV ATHENA_PG_TOOLS_ALLOW_DOWNLOAD=0
RUN adduser --disabled-password --gecos "" --uid 1000 athena
WORKDIR /app
COPY --from=builder /app/target/release/athena_rs /app/athena_rs
COPY config.yaml ./config.yaml
COPY table_id_map.yaml table_id_map.yaml
COPY config ./config
ENV RUST_LOG=info
EXPOSE 4052
USER athena
ENTRYPOINT ["/app/athena_rs"]
CMD ["--api-only", "--port", "4052"]