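# syntax=docker/dockerfile:1.6

# Go toolchain version used by the build stage.
# Override with: --build-arg GO_VERSION=<version>
ARG GO_VERSION=1.22

############################
# Build stage
############################
# NOTE(review): both FROM lines reference mutable tags. For reproducible builds
# and a verifiable base, pin each by digest (tag@sha256:<digest>) and bump the
# digest deliberately.
FROM golang:${GO_VERSION}-bookworm AS build

WORKDIR /src

# Install baseline packages. The apt lists are removed in the same layer so they
# never persist in the image.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        ca-certificates \
        git \
        tzdata \
    && rm -rf /var/lib/apt/lists/*

# Resolve dependencies before copying the source, so this step is only re-run
# when go.mod / go.sum change. Downloads land in a BuildKit cache mount.
COPY go.mod go.sum ./
RUN --mount=type=cache,target=/go/pkg/mod \
    go mod download

# Copy the rest of the source.
# NOTE(review): this copies the whole build context. Confirm a .dockerignore
# excludes .git, local config.yml files and anything holding credentials.
COPY . .

# Default to a static build (no CGO).
# If that fails, build with: --build-arg CGO_ENABLED=1
ARG CGO_ENABLED=0
ARG TARGETOS=linux
ARG TARGETARCH
ENV CGO_ENABLED=${CGO_ENABLED} \
    GOOS=${TARGETOS} \
    GOARCH=${TARGETARCH}

# Build the cmd entrypoint.
# The module cache is mounted here as well: a cache mount is not part of any
# image layer, so without it the modules fetched by `go mod download` above are
# not visible to this step and `go build` has to fetch them again.
RUN --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    go build \
      -trimpath \
      -ldflags="-s -w" \
      -o /out/weatherfeeder \
      ./cmd/weatherfeeder

############################
# Runtime stage
############################
FROM debian:bookworm-slim AS runtime

# Install runtime necessities.
# NOTE(review): nothing in this file calls curl (there is no HEALTHCHECK).
# If no external health probe depends on it, drop it to shrink the runtime
# attack surface.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        tzdata \
    && rm -rf /var/lib/apt/lists/*

# Define /weatherfeeder as the working directory
WORKDIR /weatherfeeder

# Create an unprivileged user with a fixed UID and no login shell.
# --no-create-home keeps /nonexistent actually nonexistent; the previous
# --create-home contradicted the home path and created the directory.
# The working directory is handed to that user in the same layer.
# NOTE(review): if the application never writes to its working directory,
# leaving the directory and binary owned by root would be tighter, because the
# service account could then not replace its own executable. Confirm first.
RUN useradd \
      --system \
      --uid 10001 \
      --no-create-home \
      --home-dir /nonexistent \
      --shell /usr/sbin/nologin \
      weatherfeeder \
    && chown weatherfeeder:weatherfeeder /weatherfeeder

# Copy the binary with its final ownership. Doing this with --chown avoids a
# later recursive chown, which would store the binary in a second layer.
COPY --from=build --chown=weatherfeeder:weatherfeeder /out/weatherfeeder /weatherfeeder/weatherfeeder

# Run as the unprivileged account. The numeric UID lets runtimes that enforce
# a non-root policy verify it without resolving a user name.
USER 10001

# The application expects config.yml in the same directory as the binary.
# Ownership set at build time does not apply to a bind-mounted file: the
# mounted config.yml keeps its host owner and mode, so it must be readable by
# UID 10001 on the host. Mounting it read-only is recommended.
ENTRYPOINT ["/weatherfeeder/weatherfeeder"]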