# Multi-stage Dockerfile for librenotes.
#
# Stage 1: build the static, CGO-free binary. modernc.org/sqlite
# is pure-Go so we don't need libc; this lets us drop the runtime
# image to gcr.io/distroless/static, which is ~2 MB.
#
# Stage 2: run as non-root (distroless static's "nonroot" user,
# uid 65532) with /data and /var/lib/librenotes mounted from
# named volumes so the database and per-tenant note files survive
# container restarts.

# ---- build ----
FROM golang:1.25-bookworm AS build
WORKDIR /src

# Cache module downloads on a separate layer.
COPY go.mod go.sum ./
RUN go mod download

COPY . .

ARG VERSION=dev
ARG BUILDTIME
ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
RUN go build \
      -trimpath \
      -ldflags "-s -w \
        -X git.librete.ch/public/librenotes/internal/notesium.gitversion=${VERSION} \
        -X git.librete.ch/public/librenotes/internal/notesium.buildtime=${BUILDTIME}" \
      -o /out/librenotes \
      ./cmd/librenotes

# ---- runtime ----
FROM gcr.io/distroless/static:nonroot AS runtime
COPY --from=build /out/librenotes /librenotes
USER nonroot:nonroot
EXPOSE 8080
VOLUME ["/data", "/var/lib/librenotes"]
ENV LIBRENOTES_ADDR=":8080" \
    LIBRENOTES_DATA_DIR="/data" \
    LIBRENOTES_DB="/var/lib/librenotes/librenotes.db"
ENTRYPOINT ["/librenotes", "serve"]
