# syntax=docker/dockerfile:1

# Build stage
FROM golang:1.25-alpine AS builder

RUN apk add --no-cache git ca-certificates tzdata

WORKDIR /app

# Copy go.work and module files for dependency caching
COPY go.work ./
COPY pkg/go.mod pkg/go.sum ./pkg/
COPY pkg/can-go/go.mod pkg/can-go/go.sum ./pkg/can-go/
COPY services/gateway/go.mod services/gateway/go.sum ./services/gateway/

# Download dependencies (cached layer)
RUN --mount=type=cache,target=/go/pkg/mod \
    go mod download -x

# Copy source
COPY pkg/ ./pkg/
COPY services/gateway/ ./services/gateway/

# Build static binary
WORKDIR /app/services/gateway
RUN --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    CGO_ENABLED=0 GOOS=linux \
    go build -ldflags="-s -w" -trimpath -o /gateway .

# Runtime stage - distroless for minimal attack surface
FROM gcr.io/distroless/static-debian12:nonroot

COPY --from=builder /gateway /gateway
COPY --from=builder /app/services/gateway/docs /docs
COPY --from=builder /app/pkg/logger/log_config /log_config
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo

ENV LOG_CONFIG=/log_config
ENV TZ=UTC

EXPOSE 8077 11011

ENTRYPOINT ["/gateway"]