prod & dev docker containers

Dockerfile

@@ -0,0 +1,62 @@
+# Multi-stage build for production
+# Stage 1: Build the application
+FROM rust:1.90-bookworm AS builder
+
+# Install build dependencies
+RUN apt-get update && apt-get install -y \
+    pkg-config \
+    libssl-dev \
+    protobuf-compiler \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /build
+
+# Copy manifests
+COPY Cargo.toml Cargo.lock ./
+
+# Create dummy main to cache dependencies
+RUN mkdir src && \
+    echo "fn main() {}" > src/main.rs && \
+    cargo build --release && \
+    rm -rf src
+
+# Copy actual source code
+COPY src ./src
+
+# Build the actual application
+RUN cargo build --release --bin herodb
+
+# Stage 2: Create minimal runtime image
+FROM debian:bookworm-slim
+
+# Install runtime dependencies (minimal)
+RUN apt-get update && apt-get install -y \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create non-root user
+RUN useradd -m -u 1000 herodb && \
+    mkdir -p /data && \
+    chown -R herodb:herodb /data
+
+WORKDIR /app
+
+# Copy binary from builder
+COPY --from=builder /build/target/release/herodb /usr/local/bin/herodb
+
+# Switch to non-root user
+USER herodb
+
+# Create volume mount point
+VOLUME ["/data"]
+
+# Expose ports
+EXPOSE 6379 8080
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD timeout 2 bash -c '</dev/tcp/localhost/6379' || exit 1
+
+# Default command
+ENTRYPOINT ["herodb"]
+CMD ["--dir", "/data", "--port", "6379", "--enable-rpc", "--rpc-port", "8080"]