Added a Dockerfile and completely refactored the Woodpecker pipeline.

Dockerfile

@@ -0,0 +1,74 @@
+# syntax=docker/dockerfile:1.6
+
+ARG GO_VERSION=1.22
+
+############################
+# Build stage
+############################
+FROM golang:${GO_VERSION}-bookworm AS build
+
+WORKDIR /src
+
+# Install baseline packages
+RUN apt-get update && apt-get install -y --no-install-recommends \
+      ca-certificates tzdata git build-essential \
+    && rm -rf /var/lib/apt/lists/*
+
+# Cache dependencies first
+COPY go.mod go.sum ./
+RUN --mount=type=cache,target=/go/pkg/mod \
+    go mod download
+
+# Copy the rest of the source
+COPY . .
+
+# Default to a static build (no CGO)
+# If errors, can build with: --build-arg CGO_ENABLED=1
+ARG CGO_ENABLED=0
+ARG TARGETOS=linux
+ARG TARGETARCH
+ENV CGO_ENABLED=${CGO_ENABLED} \
+    GOOS=${TARGETOS} \
+    GOARCH=${TARGETARCH}
+
+# Build your cmd entrypoint
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    go build \
+      -trimpath \
+      -ldflags="-s -w" \
+      -o /out/weatherfeeder \
+      ./cmd/weatherfeeder
+
+
+############################
+# Runtime stage
+############################
+FROM debian:bookworm-slim AS runtime
+
+# Install runtime necessities
+RUN apt-get update && apt-get install -y --no-install-recommends \
+      ca-certificates tzdata curl \
+    && rm -rf /var/lib/apt/lists/*
+
+# Define /weatherfeeder as the working directory
+WORKDIR /weatherfeeder
+
+# Create an unprivileged user
+RUN useradd \
+      --system \
+      --uid 10001 \
+      --create-home \
+      --home-dir /nonexistent \
+      --shell /usr/sbin/nologin \
+      weatherfeeder
+
+# Copy the binary
+COPY --from=build /out/weatherfeeder /weatherfeeder/weatherfeeder
+
+# Make sure the user can read config.yml when it’s mounted in
+RUN chown -R weatherfeeder:weatherfeeder /weatherfeeder
+
+USER weatherfeeder
+
+# The application expects config.yml in the same directory as the binary
+ENTRYPOINT ["/weatherfeeder/weatherfeeder"]