# Build stage - using Debian for glibc compatibility with go-libsql
FROM golang:1.24-bookworm AS builder

WORKDIR /app

# Install build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends git ca-certificates && rm -rf /var/lib/apt/lists/*

# Copy go mod files
COPY go.mod go.sum ./
RUN go mod download

# Copy source code
COPY . .

# Build the binary with version info
RUN CGO_ENABLED=1 GOOS=linux go build \
    -ldflags="-s -w \
    -X main.version=$(git describe --tags --always --dirty 2>/dev/null || echo dev) \
    -X main.commit=$(git rev-parse --short HEAD 2>/dev/null || echo none) \
    -X main.date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
    -o kaze ./cmd/kaze

# Runtime stage - using Debian slim for glibc compatibility
FROM debian:bookworm-slim

WORKDIR /app

# Install CA certificates and timezone data
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates tzdata wget && rm -rf /var/lib/apt/lists/*

# Create non-root user
RUN useradd -r -u 1000 -m kaze

# Create data directory before switching user
RUN mkdir -p /app/data && chown -R kaze:kaze /app

# Copy binary from builder
COPY --from=builder --chown=kaze:kaze /app/kaze .

# Switch to non-root user
USER kaze

# Expose port
EXPOSE 8080

# Health check
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/ || exit 1

# Run the application
ENTRYPOINT ["./kaze"]
CMD ["--config", "/app/data/config.yaml"]