# -------------------------
# Build container for aliyunpan (Go CLI)
# -------------------------

# Stage 1: build the static binary
FROM golang:tip-alpine3.23 AS builder

# Build arguments
ARG APP_VERSION

# Enable modules and set workdir
ENV GO111MODULE=on
WORKDIR /src

# Cache module downloads first
COPY go.mod go.sum ./
RUN go mod download

# Copy source and build
COPY . .

RUN if [ -n "$APP_VERSION" ]; then \
      CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-X main.Version=${APP_VERSION} -s -w" -o aliyunpan; \
    else \
      CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-s -w" -o aliyunpan; \
    fi

# Stage 2: runtime image
FROM alpine:3.19

# Install CA certificates for TLS and ensure small footprint
RUN apk add --no-cache ca-certificates

# Create non-root user for runtime
RUN adduser -D -u 1000 appuser

# Create working dirs
RUN mkdir -p /home/app/config /home/app/data
RUN chown -R appuser:appuser /home/app

WORKDIR /home/app

# Copy the built binary from builder
COPY --from=builder /src/aliyunpan /usr/local/bin/aliyunpan

# Default config dir and volumes for data/config
ENV ALIYUNPAN_CONFIG_DIR=/home/app/config
VOLUME ["/home/app/config", "/home/app/data"]

# Run as non-root
USER appuser

# Health check to verify binary responds to help
HEALTHCHECK --interval=30s --timeout=3s --retries=3 CMD /bin/sh -lc "aliyunpan --help >/dev/null 2>&1 || exit 1"

# Entrypoint is the Aliyunpan binary
ENTRYPOINT ["/usr/local/bin/aliyunpan"]