# syntax=docker/dockerfile:1
#
# Multi-stage so the private-module access token used to fetch the majordomo
# dependency lives ONLY in the build stage and never lands in the final image.

FROM golang:1.26 AS build
ARG GIT_HOST=gitea.stevedudenhoeffer.com
ARG GIT_USER=
ARG GIT_TOKEN=
ENV CGO_ENABLED=0 \
    GOFLAGS=-mod=mod \
    GOSUMDB=off
ENV GOPRIVATE=${GIT_HOST}/* GONOSUMDB=${GIT_HOST}/*
WORKDIR /src
# Private Go module access (majordomo). Token is confined to this stage.
RUN if [ -n "$GIT_TOKEN" ]; then \
      git config --global url."https://${GIT_USER}:${GIT_TOKEN}@${GIT_HOST}/".insteadOf "https://${GIT_HOST}/"; \
    fi
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN go build -trimpath -ldflags="-s -w" -o /out/gadfly ./cmd/gadfly

FROM alpine:3.20
RUN apk add --no-cache bash git curl jq ca-certificates
COPY --from=build /out/gadfly /usr/local/bin/gadfly
COPY scripts /app/scripts
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh /app/scripts/run.sh /usr/local/bin/gadfly
ENTRYPOINT ["/entrypoint.sh"]
