FROM rust:latest as builder

  RUN \
    # Setup image building for scratch image...
    apt update \
    && apt install -y musl-tools musl-dev \
    && apt-get install -y build-essential \
    && yes | apt install gcc-x86-64-linux-gnu \
    # Add open ssl support
    && apt install ca-certificates \
    && update-ca-certificates \
    && apt install pkg-config libssl-dev make \
    # Add our own user and group to avoid permission problems
    && addgroup --gid 131313 app \
    && adduser --uid 131313 --gid 131313 --shell /bin/false --home /app --disabled-password app \
    # Prepare user data for final image
    && cat /etc/passwd | grep app > /etc/passwd_app

  WORKDIR /app

  COPY . .

  RUN rustup toolchain install nightly \
    && rustup target add x86_64-unknown-linux-musl

  # Login to Gitea
  ARG CRATES_TOKEN
  RUN mkdir ~/.cargo && cat <<"EOF" | tee ${CARGO_HOME}/config.toml
[registry]
global-credential-providers = ["cargo:token"]
EOF
  RUN cargo login --registry git_{{git-owner}} "Bearer ${CRATES_TOKEN}"

  # Build bin for scratch
  ENV RUSTFLAGS='-C linker=x86_64-linux-gnu-gcc'
  RUN cargo build --release --target x86_64-unknown-linux-musl

# Final image
FROM scratch

  WORKDIR /app

  # Copy user settings
  COPY --from=builder /etc/passwd_app /etc/passwd
  # Copy builded image
  COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/{{project-name}} ./
  # Copy CA Certificates
  COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

  USER app

  CMD ["./{{project-name}}"]