# Multi-stage Dockerfile for Go application

# Stage 1: Build stage
FROM golang:1.21-alpine AS builder

# Install git and ca-certificates (for HTTPS requests if needed)
RUN apk add --no-cache git ca-certificates tzdata

# Create non-root user for security
RUN adduser -D -g '' appuser

WORKDIR /app

# Copy go mod files first for better caching
COPY go.mod ./
COPY go.sum* ./

# Download dependencies
RUN go mod download
RUN go mod verify

# Copy source code
COPY . .

# Build the binary with optimizations for smaller size and static linking
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
    -ldflags='-w -s -extldflags "-static"' \
    -a -installsuffix cgo \
    -o meteor-compute-service \
    cmd/meteor-compute-service/main.go

# Stage 2: Final minimal image
FROM scratch

# Copy timezone data from builder stage
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo

# Copy SSL certificates
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

# Copy the user
COPY --from=builder /etc/passwd /etc/passwd

# Copy the binary
COPY --from=builder /app/meteor-compute-service /meteor-compute-service

# Use non-root user
USER appuser

# Expose port
EXPOSE 8080

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD ["/meteor-compute-service"]

# Run the binary
ENTRYPOINT ["/meteor-compute-service"]