# Multi-stage build for BZZZ SLURP Coordinator
FROM golang:1.21-alpine AS builder

# Install build dependencies
RUN apk add --no-cache git ca-certificates tzdata make

# Set working directory
WORKDIR /build

# Copy go mod files
COPY go.mod go.sum ./
RUN go mod download

# Copy source code
COPY . .

# Build the application with optimizations
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
    -ldflags='-w -s -extldflags "-static"' \
    -a -installsuffix cgo \
    -o slurp-coordinator \
    ./cmd/slurp-coordinator

# Create runtime image with minimal attack surface
FROM alpine:3.19

# Install runtime dependencies
RUN apk add --no-cache \
    ca-certificates \
    tzdata \
    curl \
    && rm -rf /var/cache/apk/*

# Create application user
RUN addgroup -g 1001 -S slurp && \
    adduser -u 1001 -S slurp -G slurp -h /home/slurp

# Set working directory
WORKDIR /app

# Copy the binary
COPY --from=builder /build/slurp-coordinator .
COPY --from=builder /build/config ./config

# Create necessary directories
RUN mkdir -p /app/data /app/logs /app/config && \
    chown -R slurp:slurp /app

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD curl -f http://localhost:8080/health || exit 1

# Switch to non-root user
USER slurp

# Expose ports
EXPOSE 8080 9090 9091

# Set entrypoint
ENTRYPOINT ["./slurp-coordinator"]
CMD ["--config", "config/coordinator.yaml"]

# Labels
LABEL maintainer="BZZZ Team"
LABEL version="1.0.0"
LABEL component="coordinator"
LABEL description="BZZZ SLURP Coordination Service"