# dns-updater — small Bun service behind the ct-forge Caddy.
FROM oven/bun:1.2-slim

WORKDIR /app

# Install deps first for layer caching.
COPY package.json ./
RUN bun install --production

COPY tsconfig.json ./
COPY src ./src

ENV PORT=8090
EXPOSE 8090

# Run as the unprivileged user the base image provides.
USER bun

HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD bun --eval "fetch('http://127.0.0.1:'+(process.env.PORT||8090)+'/healthz').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"

CMD ["bun", "run", "src/index.ts"]
