# Stage 1: Build the binary
FROM golang:1.24 AS builder

WORKDIR /app

# Copy dependencies and download
COPY go.mod go.sum ./
RUN go mod download

# Copy source and build static binary
COPY . .
RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o /main ./cmd/main.go

# Stage 2: Lightweight runtime with tools
FROM debian:bookworm-slim

# Install curl, shell (sh), and SSL certificates
RUN apt-get update && \
    apt-get install -y --no-install-recommends curl ca-certificates && \
    rm -rf /var/lib/apt/lists/*

# Create non-root user and set ownership
RUN groupadd -r appuser && useradd -r -g appuser appuser
USER appuser

# Copy compiled binary
COPY --from=builder /main /main

# Execute the binary
CMD ["/main"]