# ---- build stage ----
FROM golang:1.25.1-alpine AS builder
WORKDIR /src

# Speed up builds by caching deps
COPY go.mod go.sum ./
RUN go mod download

# Copy the rest (includes your embedded SQL in db/migration/*.sql)
COPY . .

# Build statically (no CGO) for Linux
ARG TARGETOS=linux
ARG TARGETARCH
ENV CGO_ENABLED=0
RUN --mount=type=cache,target=/root/.cache/go-build \
    GOOS=$TARGETOS GOARCH=${TARGETARCH:-amd64} \
    go build -trimpath -ldflags "-s -w" -o /out/server ./cmd/server

RUN --mount=type=cache,target=/root/.cache/go-build \
    GOOS=$TARGETOS GOARCH=${TARGETARCH:-amd64} \
    go build -trimpath -ldflags "-s -w" -o /out/migrate ./cmd/migrate

# ---- runtime stage ----
FROM alpine:3.20
# minimal tools for healthcheck + TLS roots + timezone
RUN apk add --no-cache ca-certificates tzdata curl && \
    adduser -D -H -u 10001 app && \
    mkdir -p /home/app && chown app:app /home/app
USER app
ENV HOME=/home/app
WORKDIR /app

COPY --from=builder /out/server /app/server
COPY --from=builder /out/migrate /app/migrate

EXPOSE 8082
# Container-local healthcheck
HEALTHCHECK --interval=15s --timeout=3s --retries=3 \
    CMD curl -sf http://localhost:8082/healthz || exit 1

ENTRYPOINT ["/app/server"]