# CHORUS - Container-First P2P Task Coordination System
# Multi-stage build for minimal production image

FROM golang:1.23-alpine AS builder

# Install build dependencies
RUN apk --no-cache add git ca-certificates

WORKDIR /build

# Copy go mod files first (for better caching)
COPY go.mod go.sum ./

# Skip go mod download; we rely on vendored deps to avoid local replaces
RUN echo "Using vendored dependencies (skipping go mod download)"

# Copy source code
COPY . .

# Build the CHORUS agent binary with vendored deps
RUN CGO_ENABLED=0 GOOS=linux go build \
    -mod=vendor \
    -ldflags='-w -s -extldflags "-static"' \
    -o chorus-agent \
    ./cmd/agent

# Final minimal runtime image
FROM alpine:3.18

# Install runtime dependencies
RUN apk --no-cache add \
    ca-certificates \
    tzdata \
    curl

# Create non-root user for security
RUN addgroup -g 1000 chorus && \
    adduser -u 1000 -G chorus -s /bin/sh -D chorus

# Create application directories
RUN mkdir -p /app/data && \
    chown -R chorus:chorus /app

# Copy binary from builder stage
COPY --from=builder /build/chorus-agent /app/chorus-agent
RUN chmod +x /app/chorus-agent

# Switch to non-root user
USER chorus
WORKDIR /app

# Expose ports
EXPOSE 8080 8081 9000

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8081/health || exit 1

# Set default environment variables
ENV LOG_LEVEL=info \
    LOG_FORMAT=structured \
    CHORUS_BIND_ADDRESS=0.0.0.0 \
    CHORUS_API_PORT=8080 \
    CHORUS_HEALTH_PORT=8081 \
    CHORUS_P2P_PORT=9000

# Start CHORUS Agent
ENTRYPOINT ["/app/chorus-agent"]