## Build stage
FROM golang:1.24-alpine AS builder

WORKDIR /src

# Install build dependencies (none needed for static build) and enable static build
# Make the build architecture-aware for buildx multi-arch builds
ARG TARGETOS
ARG TARGETARCH
ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH}

# Cache go modules
COPY app/web/go.mod ./app/web/
RUN cd app/web && go mod download

# Copy source
COPY app/web/ ./app/web/

# Build
RUN cd app/web && go build -o /out/freemoto-web ./

## Runtime stage
FROM alpine:3.20

WORKDIR /app/web

# Add CA certificates for any outbound HTTPS (future-proofing)
RUN apk add --no-cache ca-certificates tzdata wget

# Copy binary and static files
COPY --from=builder /out/freemoto-web /app/web/freemoto-web
COPY app/web/static/ /app/web/static/

# Use non-root user (create group explicitly for Alpine)
RUN addgroup -S appuser \
    && adduser -S -D -H -h /nonexistent -G appuser appuser \
    && chown -R appuser:appuser /app
USER appuser

ENV PORT=8080
EXPOSE 8080

# Simple healthcheck against /healthz
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD wget -qO- http://127.0.0.1:${PORT}/healthz || exit 1

ENTRYPOINT ["/app/web/freemoto-web"]