FROM maven:3.9-eclipse-temurin-17 AS builder
WORKDIR /build
COPY pom.xml .
COPY settings.xml /root/.m2/settings.xml

# Maven proxy 配置：通过 172.17.0.1 (Docker 网关) 访问主机 Clash 代理
RUN mvn dependency:go-offline -B -q \
  -Dhttp.proxyHost=172.17.0.1 -Dhttp.proxyPort=7890 \
  -Dhttps.proxyHost=172.17.0.1 -Dhttps.proxyPort=7890 \
  -Dhttp.nonProxyHosts=localhost\|127.0.0.1\|172.17.0.1 || true

COPY src/ src/

RUN mvn package -DskipTests -B -q \
  -Dhttp.proxyHost=172.17.0.1 -Dhttp.proxyPort=7890 \
  -Dhttps.proxyHost=172.17.0.1 -Dhttps.proxyPort=7890 \
  -Dhttp.nonProxyHosts=localhost\|127.0.0.1\|172.17.0.1

FROM eclipse-temurin:17-jre-jammy AS runtime
WORKDIR /app
COPY --from=builder /build/target/*.jar app.jar

RUN addgroup --system hss && adduser --system --ingroup hss hss 2>/dev/null; exit 0
USER hss

EXPOSE 8080
HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD wget -qO- http://localhost:8080/actuator/health || exit 1

ENTRYPOINT ["java", "-XX:+UseZGC", "-XX:MaxRAMPercentage=75", "-jar", "app.jar"]
