# Build stage
FROM golang:1.24-alpine AS builder

# Set working directory
WORKDIR /app

# Install build dependencies
RUN apk add --no-cache git make

# Copy go.mod and go.sum (if present)
COPY go.mod .
COPY go.sum* .

# Download dependencies
RUN go mod download

# Copy source code
COPY . .

# Build the application with version information
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o gitea-webhook-ambassador .

# Runtime stage
FROM alpine:3.19

# Add non-root user
RUN addgroup -S appgroup && adduser -S appuser -G appgroup

# Install runtime dependencies
RUN apk add --no-cache ca-certificates tzdata

# Create necessary directories with appropriate permissions
RUN mkdir -p /app/config && \
    chown -R appuser:appgroup /app

WORKDIR /app

# Copy the binary from builder stage
COPY --from=builder /app/gitea-webhook-ambassador .

# Copy default config (will be overridden by volume mount in production)
COPY config.yaml /app/config/

# Switch to non-root user
USER appuser

# Expose the service port
EXPOSE 8080

# Default command (can be overridden at runtime)
ENTRYPOINT ["/app/gitea-webhook-ambassador"]
CMD ["-config=/app/config/config.yaml"]