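# 1. Rust Builder Stage
# The compiler toolchain, headers and git exist only in this stage; the only
# artifact taken from it is the release binary copied out via COPY --from=builder.
# NOTE(review): the base image is referenced by a mutable tag. Pin it by digest
# (rust:1.80-slim@sha256:<digest-of-the-reviewed-image>) if builds must be
# reproducible and resistant to a re-tagged upstream image.
FROM rust:1.80-slim AS builder

# Install build dependencies. update + install + list cleanup stay in one layer
# so no stale package index is cached or shipped.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        git \
        libssl-dev \
        pkg-config \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Use the sparse crates.io index protocol for dependency resolution.
ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse

COPY Cargo.toml Cargo.lock ./
COPY src/ ./src/

# Compile the gateway binary in release mode.
# --locked makes the build fail instead of silently re-resolving dependencies
# when Cargo.lock is missing or out of date, so the image is built from exactly
# the dependency versions that were committed and reviewed.
RUN cargo build --release --locked --bin coreason-gateway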
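# 2. Execution Stage
# Minimal runtime image: only the TLS runtime libraries, CA certificates and the
# gateway binary are present; no compiler or build tooling is carried over.
# NOTE(review): the base image is referenced by a mutable tag. Pin it by digest
# (debian:bookworm-slim@sha256:<digest-of-the-reviewed-image>) for reproducible builds.
FROM debian:bookworm-slim

LABEL org.opencontainers.image.source="https://github.com/CoReason-AI/coreason-runtime" \
      org.opencontainers.image.description="CoReason Runtime - Pure Rust Zero-Trust API Gateway & Ingress Engine"

# Install runtime dependencies and ca-certificates
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        libssl3 \
    && rm -rf /var/lib/apt/lists/*

# Create an unprivileged service account with a fixed UID to run the gateway.
# The account gets no login shell: it only ever runs the gateway process.
# /app (including /app/data) is handed to that account so the process can
# write its working data there.
RUN useradd --uid 10000 --create-home --shell /usr/sbin/nologin coreason && \
    mkdir -p /app/data && \
    chown -R coreason:coreason /app

WORKDIR /app

# Copy the Rust gateway binary from the builder stage.
# The binary is deliberately left owned by root (the COPY default): the runtime
# user can execute it but cannot overwrite it, so a compromised gateway process
# cannot replace its own executable.
COPY --from=builder /app/target/release/coreason-gateway /usr/local/bin/coreason-gateway

# Environment settings
ENV PATH="/usr/local/bin:$PATH"

# Documentation only (does not publish the port): matches the default --port in CMD.
EXPOSE 8080

# Drop privileges. The numeric UID of the coreason account is used so that
# runtimes enforcing a non-root policy can verify it without resolving the name.
USER 10000

# Boot container using the Rust gateway. Exec form keeps the gateway as PID 1 so
# it receives stop signals directly; CMD holds the overridable default arguments.
ENTRYPOINT ["coreason-gateway"]
CMD ["start", "api", "--port", "8080"]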