# syntax=docker/dockerfile:1.4

FROM golang:1.24-alpine AS builder 

# --- STAGE 1: Builder ---

# 1. Install dependencies for CGO and runtime
# gcc and musl-dev are required on Alpine when CGO_ENABLED=1 (necessary for go-sqlite3).
# ca-certificates is needed for HTTPS/TLS connections during module download and runtime.
RUN apk add --no-cache ca-certificates gcc musl-dev

# Set the working directory for the build
WORKDIR /app

# Copy the dependency files first for better build caching
COPY go.mod go.sum ./

# Download all dependencies
RUN go mod download

# Copy the rest of the source code
# NOTE: Ensure you have a .dockerignore file that excludes 'tempCodeRunnerFile.go' here
COPY . .

# Build the final executable
# CGO_ENABLED=1 creates a statically linked binary.
RUN CGO_ENABLED=1 GOOS=linux go build -a -installsuffix cgo -ldflags="-s -w" -o /xds-server .

# 2. Clean up build dependencies
# Remove packages not needed for the final binary to keep the intermediate layer smaller.
RUN apk del gcc musl-dev


# --- STAGE 2: Create the minimal runtime image ---
FROM alpine:latest

# Install ca-certificates again for the final image to handle HTTPS/TLS connections
RUN apk add --no-cache ca-certificates

# Set the working directory for the final application
WORKDIR /app

# Create a non-root user and group for security best practice
RUN addgroup -S appuser && adduser -S -G appuser appuser
USER appuser

# Copy the built binary from the 'builder' stage
COPY --from=builder --chown=appuser:appuser /xds-server /usr/local/bin/xds-server

# Copy the static assets (e.g., HTML files) and assign ownership to the non-root user.
# The source is the build context (EnvoyControlPlane/static/) and the destination is inside the container (/app/static/).
COPY --chown=appuser:appuser static/ /app/static/ 

# Expose the ports for the xDS server (18000) and the REST API (8080)
EXPOSE 18000
EXPOSE 8080

# Define the command to run the application
ENTRYPOINT ["/usr/local/bin/xds-server"]
CMD ["--nodeID", "proxy", "--config-dir", "/app/configs"]