# Build stage
FROM golang:1.24-alpine AS builder

# Install build dependencies
RUN apk add --no-cache \
    gcc \
    musl-dev \
    make \
    git

# Set working directory
WORKDIR /build

# Copy go mod files
COPY go.mod go.sum ./

# Download dependencies
RUN go mod download

# Copy source code
COPY . .

# Build the binary
RUN CGO_ENABLED=1 go build -v -o secret cmd/secret/main.go

# Runtime stage
FROM alpine:latest

# Install runtime dependencies
RUN apk add --no-cache \
    ca-certificates \
    gnupg

# Create non-root user
RUN adduser -D -s /bin/sh secret

# Copy binary from builder
COPY --from=builder /build/secret /usr/local/bin/secret

# Ensure binary is executable
RUN chmod +x /usr/local/bin/secret

# Switch to non-root user
USER secret

# Set working directory
WORKDIR /home/secret

# Set entrypoint
ENTRYPOINT ["secret"]