FROM golang:latest AS builder

WORKDIR /app

COPY go.mod go.sum ./
RUN go mod download

COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o main ./cmd/server

FROM alpine:latest
RUN apk --no-cache add ca-certificates \
&& addgroup -S nonroot \
&& adduser -S nonroot -G nonroot

WORKDIR /app
COPY --from=builder /app/main .
COPY --from=builder /app/internal/web ./internal/web
COPY --from=builder /app/certs ./certs
USER nonroot
EXPOSE 8080

CMD ["./main"]