# 多阶段构建 Dockerfile
# 支持多架构: linux/amd64, linux/arm64

# 构建阶段
FROM --platform=$BUILDPLATFORM golang:1.21-alpine AS builder

# 安装构建依赖
RUN apk add --no-cache git ca-certificates tzdata

# 设置工作目录
WORKDIR /app

# 复制 go mod 文件
COPY go.mod go.sum ./

# 下载依赖
RUN go mod download

# 复制源代码
COPY . .

# 构建参数
ARG TARGETOS
ARG TARGETARCH
ARG VERSION=v1.1.0

# 构建二进制文件
RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build \
    -ldflags "-X main.version=${VERSION} -X main.buildTime=$(date -u '+%Y-%m-%d_%H:%M:%S') -X main.gitCommit=$(git rev-parse --short HEAD 2>/dev/null || echo 'unknown') -s -w" \
    -o wormhole-server \
    cmd/wormhole-server/main.go

# 运行阶段
FROM --platform=$TARGETPLATFORM alpine:latest

# 安装运行时依赖
RUN apk --no-cache add ca-certificates tzdata && \
    addgroup -g 1000 wormhole && \
    adduser -D -s /bin/sh -u 1000 -G wormhole wormhole

# 设置工作目录
WORKDIR /app

# 从构建阶段复制二进制文件
COPY --from=builder /app/wormhole-server .
COPY --from=builder /app/configs ./configs

# 设置权限
RUN chown -R wormhole:wormhole /app

# 切换到非root用户
USER wormhole

# 暴露端口
EXPOSE 1080 8090

# 健康检查
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:8090/health || exit 1

# 启动命令
ENTRYPOINT ["./wormhole-server"]
CMD ["-config", "configs/server.yaml"]