# Multi-stage build for minimal image
FROM docker.io/library/golang:1.23-alpine AS builder

# Install build dependencies
RUN apk add --no-cache git ca-certificates wget

# Create non-root user for building
RUN addgroup -S appgroup && adduser -S appuser -G appgroup

# Set working directory
WORKDIR /app

# Copy go.mod first for better caching
COPY go.mod go.sum ./
RUN go mod download

# Copy source code
COPY . .

# Build static binary
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
    -ldflags='-w -s -extldflags "-static"' \
    -a -installsuffix cgo \
    -o user-service \
    ./cmd/server

# Final stage: minimal runtime image
FROM docker.io/library/alpine:3.18

# Install runtime dependencies
RUN apk --no-cache add ca-certificates wget tzdata

# Create non-root user for running the app
RUN addgroup -S appgroup && adduser -S appuser -G appgroup

WORKDIR /app

# Copy binary from builder
COPY --from=builder /app/user-service .

# Use non-root user
USER appuser

# Expose port
EXPOSE 8090

# Run the app
CMD ["./user-service"]