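# Two-stage build: compile and pack a static Go binary in an Alpine builder,
# then ship only the binary, its config and an unprivileged user on scratch.

# NOTE(review): golang:alpine is a floating tag, so the toolchain and base
# layers can change between builds. Pin a specific version (and ideally a
# digest) so the image is reproducible and auditable.
FROM golang:alpine AS builder

# ------------------------ #
# (1) install dependencies
# ------------------------ #

# git is needed for go modules; curl fetches the UPX release below.
# --no-cache keeps the apk index out of the layer.
RUN apk add --no-cache curl git

# upx to shrink executable size
ARG UPX_VERSION="3.96"
# Optional SHA-256 of the UPX tarball. Empty (the default) skips verification,
# which preserves the previous behaviour. Set it with
#   --build-arg UPX_SHA256=<digest of the release you vetted>
# so a tampered or substituted download fails the build instead of ending up
# on the path that rewrites the shipped binary.
ARG UPX_SHA256=""
# -f makes curl fail on HTTP errors instead of saving an error page as the archive.
RUN curl -fsSL "https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-amd64_linux.tar.xz" -o /tmp/upx.tar.xz && \
    if [ -n "${UPX_SHA256}" ]; then \
        echo "${UPX_SHA256}  /tmp/upx.tar.xz" > /tmp/upx.sha256 && \
        sha256sum -c /tmp/upx.sha256; \
    fi && \
    tar -xf /tmp/upx.tar.xz -C /tmp/ && \
    rm -f /tmp/upx.tar.xz /tmp/upx.sha256

# copy sources
# COPY rather than ADD: no archive auto-extraction or URL fetching is wanted here.
# NOTE(review): this copies the whole build context. Use a .dockerignore to keep
# .git, local env files and credentials out of the builder layers.
COPY . /app
WORKDIR /app

# compile
# CGO_ENABLED=0 yields a static binary, which the scratch runtime stage needs.
RUN go mod download && \
    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o /app/binary

# shrink executable
# NOTE(review): UPX-packed binaries are commonly flagged by malware scanners,
# and tools that read embedded Go build info (e.g. `go version -m`) generally
# cannot inspect them. Run dependency/vulnerability scanning against the source
# or the unpacked build output, not the final image alone.
RUN /tmp/upx-${UPX_VERSION}-amd64_linux/upx --brute /app/binary

# create appuser
ENV USER=appuser
ENV UID=10001
# See https://stackoverflow.com/a/55757473/12429735
RUN adduser \
    --disabled-password \
    --gecos "" \
    --home "/nonexistent" \
    --shell "/sbin/nologin" \
    --no-create-home \
    --uid "${UID}" \
    "${USER}"

FROM scratch AS production

# import the user and group files from the builder.
# scratch has no user database of its own; USER below resolves names via these.
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group

# copy executable & config
COPY --from=builder /app/binary /app/
COPY --from=builder /app/api.json /app/

WORKDIR /app/

# Use an unprivileged user.
USER appuser:appuser

# Documentation only; 4242 is above 1024, so no extra capability is needed to bind it.
EXPOSE 4242/tcp

ENTRYPOINT ["/app/binary"]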