ARG DOTNET_SDK_IMAGE=mirror.soroushasadi.com/dotnet/sdk:10.0
ARG DOTNET_ASPNET_IMAGE=mirror.soroushasadi.com/dotnet/aspnet:10.0

FROM ${DOTNET_SDK_IMAGE} AS build
WORKDIR /src

COPY global.json Directory.Build.props Directory.Packages.props ./
# nuget.docker.config points to Nexus mirror (mirror.soroushasadi.com)
COPY nuget.docker.config ./nuget.config

# Trust the Nexus mirror's TLS CA: its Let's Encrypt cert renewed under the new
# ISRG Root YR, which isn't in the SDK image's trust store yet. Add the mirror's
# intermediate (CA:TRUE, valid to Sept 2028) as an anchor so dotnet restore validates.
COPY docker/nexus-mirror-ca.crt /usr/local/share/ca-certificates/nexus-mirror-ca.crt
RUN update-ca-certificates

COPY src/Meezi.Shared/Meezi.Shared.csproj src/Meezi.Shared/
COPY src/Meezi.Core/Meezi.Core.csproj src/Meezi.Core/
COPY src/Meezi.Infrastructure/Meezi.Infrastructure.csproj src/Meezi.Infrastructure/
COPY src/Meezi.API/Meezi.API.csproj src/Meezi.API/

ENV NUGET_CERT_REVOCATION_MODE=offline
RUN --mount=type=cache,target=/root/.nuget/packages \
    dotnet restore src/Meezi.API/Meezi.API.csproj --disable-parallel

COPY src/ src/
COPY data/menu-image-manifest.json data/
COPY data/demo-credentials.json data/
RUN dotnet publish src/Meezi.API/Meezi.API.csproj -c Release -o /app/publish /p:UseAppHost=false

FROM ${DOTNET_ASPNET_IMAGE} AS runtime
WORKDIR /app

ENV ASPNETCORE_URLS=http://+:8080
EXPOSE 8080

COPY --from=build /app/publish .

ENTRYPOINT ["dotnet", "Meezi.API.dll"]
