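# Two-stage build for routewatch: compile with CGO in a full Go toolchain image,
# then ship only the binary and a source archive in a slim Debian runtime image.

# ---- Build stage ----
# NOTE(review): this tag is mutable. For reproducible release builds, pin the
# base by digest as well (golang:1.24-bookworm@sha256:<digest>).
FROM golang:1.24-bookworm AS builder

# Build dependencies: zstd for the source archive, gcc and libc6-dev for
# CGO (sqlite3).
RUN apt-get update && apt-get install -y --no-install-recommends \
        gcc \
        libc6-dev \
        zstd \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /src

# Copy the module manifests first so the download layer stays cached until
# go.mod or go.sum changes.
COPY go.mod go.sum ./
RUN go mod download

# Copy source code.
COPY . .

# Vendor after the source is present: `go mod vendor` copies only the packages
# that the module's own code imports, so running it with just go.mod and go.sum
# in place has nothing to vendor and the archive below would ship without its
# dependencies.
RUN go mod vendor

# Build the binary with CGO enabled (required for sqlite3).
RUN CGO_ENABLED=1 GOOS=linux go build -o /routewatch ./cmd/routewatch

# Create the source archive with vendored dependencies.
# This archive is copied into the runtime image, so everything that the
# `COPY . .` above brought in from the build context is published with the
# image. Only .git and nested archives are excluded here; keep credentials,
# .env files and local state out of the context with a .dockerignore.
RUN tar --zstd -cf /routewatch-source.tar.zst \
        --exclude='.git' \
        --exclude='*.tar.zst' \
        .

# ---- Runtime stage ----
# NOTE(review): pin by digest here too (debian:bookworm-slim@sha256:<digest>).
FROM debian:bookworm-slim AS runtime

# Runtime dependencies:
# - ca-certificates: for HTTPS connections
# - curl: for the HEALTHCHECK probe below
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
    && rm -rf /var/lib/apt/lists/*

# Dedicated unprivileged account with a fixed UID, so orchestrators can verify
# that the container does not run as root.
RUN useradd -r -u 1000 -m routewatch

# The state directory is the only location handed over to the service account.
RUN mkdir -p /var/lib/routewatch \
    && chown routewatch:routewatch /var/lib/routewatch

WORKDIR /app

# Copy the binary and source archive from the builder. They stay root-owned
# (the COPY default) and are only readable/executable by the service account,
# so a compromised process cannot replace its own executable or the published
# source archive. A recursive chown of /app would also duplicate both files in
# an extra layer.
# NOTE(review): assumes routewatch writes only under ROUTEWATCH_STATE_DIR and
# not into its working directory - confirm before merging.
COPY --from=builder /routewatch /app/routewatch
COPY --from=builder /routewatch-source.tar.zst /app/source/routewatch-source.tar.zst

USER routewatch

# Default state directory.
ENV ROUTEWATCH_STATE_DIR=/var/lib/routewatch

# HTTP port (documentation only; publishing is done at run time).
EXPOSE 8080

# Health check against the service's own health endpoint; -f turns an HTTP
# error status into a non-zero exit code.
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD curl -sf http://localhost:8080/.well-known/healthcheck.json || exit 1

ENTRYPOINT ["/app/routewatch"]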