FROM rust:1-bookworm AS builder
WORKDIR /src
COPY Cargo.toml Cargo.lock ./
COPY src/ src/
RUN cargo build --release --bin openlatch
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y ca-certificates curl && rm -rf /var/lib/apt/lists/*
COPY --from=builder /src/target/release/openlatch /usr/local/bin/openlatch
RUN mkdir -p /root/.openlatch/logs
EXPOSE 7443
ENV OPENLATCH_LOG_LEVEL=debug
ENV OPENLATCH_UPDATE_CHECK=false
HEALTHCHECK --interval=2s --timeout=5s --retries=15 --start-period=10s \
CMD curl -sf http://localhost:7443/health
# Write a fixed test token and start daemon in foreground.
# SECURITY: test-e2e-token is only used in ephemeral CI containers — never in production.
CMD ["sh", "-c", "echo 'test-e2e-token' > /root/.openlatch/daemon.token && chmod 600 /root/.openlatch/daemon.token && openlatch daemon start --foreground"]