FROM golang:alpine as builder

RUN apk add --no-cache git
ADD . /app
WORKDIR /app

# create appuser
ENV USER=appuser
ENV UID=10001

# See https://stackoverflow.com/a/55757473/12429735RUN
RUN adduser \
    --disabled-password \
    --gecos "" \
    --home "/nonexistent" \
    --shell "/sbin/nologin" \
    --no-create-home \
    --uid "${UID}" \
    "${USER}"

RUN go mod download
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o binary

FROM scratch as production

# import the user and group files from the builder.
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group

# copy executable & config
COPY --from=builder /app/binary /app/
COPY --from=builder /app/api.json /app/

# Use an unprivileged user.
USER appuser:appuser
WORKDIR /app/

EXPOSE 4242/tcp
CMD ["/app/binary"]