# Build stage: compile mkcert from source
FROM golang:1.18-buster AS builder
WORKDIR /src

# Cache module downloads
COPY go.mod go.sum ./
RUN go mod download

# Copy the rest of the source code
COPY . .

# Build the binary (static-ish Go binary)
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-s -w" -o mkcert

# Final runtime image
FROM debian:bookworm-slim

# Install CA certificates and essential runtime packages
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates tzdata \
    && rm -rf /var/lib/apt/lists/*

ENV PATH="/usr/local/bin:${PATH}"

# Copy the compiled binary from builder
COPY --from=builder /src/mkcert /usr/local/bin/mkcert

# Run as the default command. Users can pass arguments to docker run to customize behavior.
ENTRYPOINT ["mkcert"]
CMD ["-help"]