WHOOSH/Dockerfile

FROM golang:1.22-alpine AS builder

# Install build dependencies
RUN apk add --no-cache git ca-certificates tzdata

# Set working directory
WORKDIR /app

# Copy BACKBEAT dependency first
COPY BACKBEAT-prototype ./BACKBEAT-prototype/

# Copy go mod files first for better caching
COPY go.mod go.sum ./

# Download and verify dependencies
RUN go mod download && go mod verify

# Copy source code
COPY . .

# Create modified group file with docker group for container access
# Use GID 998 to match the host system's docker group
RUN cp /etc/group /tmp/group && \
    echo "docker:x:998:65534" >> /tmp/group

# Build with optimizations and version info
ARG VERSION=v0.1.0-mvp
ARG COMMIT_HASH
ARG BUILD_DATE
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
    -mod=mod \
    -ldflags="-w -s -X main.version=${VERSION} -X main.commitHash=${COMMIT_HASH} -X main.buildDate=${BUILD_DATE}" \
    -a -installsuffix cgo \
    -o whoosh ./cmd/whoosh

# Final stage - minimal security-focused image
FROM scratch

# Copy timezone data and certificates from builder
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

# Copy passwd and modified group file for non-root user with docker access
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /tmp/group /etc/group

# Create app directory structure
WORKDIR /app

# Copy application binary and migrations
COPY --from=builder --chown=65534:65534 /app/whoosh /app/whoosh
COPY --from=builder --chown=65534:65534 /app/migrations /app/migrations

# Use nobody user (UID 65534) with docker group access (GID 998)
# Docker group was added to /etc/group in builder stage
USER 65534:998

# Expose port
EXPOSE 8080

# Health check using the binary itself
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
    CMD ["/app/whoosh", "--health-check"]

# Set metadata
LABEL maintainer="CHORUS Ecosystem" \
      description="WHOOSH - Autonomous AI Development Teams" \
      org.opencontainers.image.title="WHOOSH" \
      org.opencontainers.image.description="Orchestration platform for autonomous AI development teams" \
      org.opencontainers.image.vendor="CHORUS Services"

# Run the application
ENTRYPOINT ["/app/whoosh"]
CMD []