ARG KRATOS_VERSION=v1.1.0
FROM oryd/kratos:${KRATOS_VERSION}

# Switch to root to install packages
USER root

# Install additional tools if needed
RUN apk add --no-cache curl wget

# Set working directory
WORKDIR /etc/kratos

# Copy configuration files
COPY config/kratos.yml /etc/kratos/kratos.yml
COPY config/identity.schema.json /etc/kratos/identity.schema.json
COPY config/identity.v2.schema.json /etc/kratos/identity.v2.schema.json

# Validate configuration syntax at build time (optional)
RUN kratos help serve || true

# Switch back to non-root user for runtime
USER ory

# Expose ports
EXPOSE 4433 4434

# Health check
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
  CMD curl -f -s http://localhost:4433/health/ready > /dev/null || exit 1

# Default command
CMD ["serve", "--config", "/etc/kratos/kratos.yml"]