unionflow-server-impl-quarkus/Dockerfile

####
# Dockerfile simplifié pour UnionFlow Server - Compatible lionsctl
# Utilise l'uber-jar pré-compilé par Maven
####

FROM eclipse-temurin:17-jre-alpine

ENV LANGUAGE='en_US:en'

# Configuration des variables d'environnement pour production
ENV QUARKUS_PROFILE=prod
ENV QUARKUS_HTTP_PORT=8080
ENV QUARKUS_HTTP_HOST=0.0.0.0

# Configuration Base de données
# IMPORTANT: Les secrets doivent être injectés via Kubernetes Secrets au runtime
ENV DB_URL=jdbc:postgresql://postgresql-service.postgresql.svc.cluster.local:5432/unionflow
ENV DB_USERNAME=unionflow
# ENV DB_PASSWORD will be injected via Kubernetes Secret

# Configuration Keycloak/OIDC
ENV QUARKUS_OIDC_AUTH_SERVER_URL=https://security.lions.dev/realms/unionflow
ENV QUARKUS_OIDC_CLIENT_ID=unionflow-server
# ENV KEYCLOAK_CLIENT_SECRET will be injected via Kubernetes Secret
ENV QUARKUS_OIDC_TLS_VERIFICATION=required

# Configuration CORS
ENV CORS_ORIGINS=https://unionflow.lions.dev,https://security.lions.dev
ENV QUARKUS_HTTP_CORS_ORIGINS=${CORS_ORIGINS}

# Configuration Wave Money
ENV WAVE_API_KEY=
ENV WAVE_API_SECRET=
ENV WAVE_API_BASE_URL=https://api.wave.com/v1
ENV WAVE_ENVIRONMENT=production
ENV WAVE_WEBHOOK_SECRET=

# Créer l'utilisateur appuser
RUN addgroup -g 185 appuser && adduser -D -u 185 -G appuser appuser

# Installer curl pour health checks
RUN apk add --no-cache curl

# Créer les répertoires nécessaires
RUN mkdir -p /app/logs && chown -R appuser:appuser /app

WORKDIR /app

# Copier l'uber-jar depuis target/
COPY --chown=appuser:appuser target/*-runner.jar /app/app.jar

USER appuser

# Exposer le port
EXPOSE 8080

# Variables JVM optimisées
ENV JAVA_OPTS="-Xmx1g -Xms512m \
    -XX:+UseG1GC \
    -XX:MaxGCPauseMillis=200 \
    -XX:+UseStringDeduplication \
    -XX:+HeapDumpOnOutOfMemoryError \
    -XX:HeapDumpPath=/app/logs/heapdump.hprof \
    -Djava.security.egd=file:/dev/./urandom \
    -Djava.awt.headless=true \
    -Dfile.encoding=UTF-8 \
    -Djava.util.logging.manager=org.jboss.logmanager.LogManager \
    -Dquarkus.profile=${QUARKUS_PROFILE}"

# Point d'entrée
ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar /app/app.jar"]

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
  CMD curl -f http://localhost:8080/q/health/ready || exit 1