# Build stage
FROM golang:1.22.5-alpine AS builder

# Install build dependencies
RUN apk add --no-cache git make gcc musl-dev sqlite-dev

WORKDIR /app

# Copy go mod files
COPY go.mod go.sum ./
RUN go mod download

# Copy source code
COPY . .

# Build the application
RUN CGO_ENABLED=1 GOOS=linux go build -o byom-onboard ./cmd/api/main.go

# Final stage
FROM alpine:3.19

# Install runtime dependencies
RUN apk add --no-cache ca-certificates tzdata sqlite sqlite-dev

# Create non-root user
RUN adduser -D -H -h /app appuser

WORKDIR /app

# Copy binary from builder
COPY --from=builder /app/byom-onboard .
COPY config.yaml .

# Create data directory and set permissions
RUN mkdir -p /app/data && \
    chown -R appuser:appuser /app

USER appuser

EXPOSE 8080

ENV CONFIG_FILE=/app/config.yaml

CMD ["./byom-onboard", "serve", "--config=/app/config.yaml"]