FROM docker.io/golang:1.25.4-trixie AS builder

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && \
    apt-get install -y --no-install-recommends sqlite3 libsqlite3-dev && \
    rm -rf /var/lib/apt/lists/*

WORKDIR /build

COPY go.mod go.sum ./
RUN go mod download

COPY . .

RUN CGO_ENABLED=1 go build \
    -ldflags="-s -w -linkmode external -extldflags '-static'" \
    -tags sqlite_omit_load_extension \
    -trimpath \
    -o atcr-hold ./cmd/hold

# ==========================================
# Stage 2: Minimal FROM scratch runtime
# ==========================================
FROM scratch

# Copy CA certificates for HTTPS (PDS connections)
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# Copy timezone data for timestamp formatting
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
# Copy optimized binary (SQLite embedded)
COPY --from=builder /build/atcr-hold /atcr-hold

# Expose default port
EXPOSE 8080

# OCI image annotations
LABEL org.opencontainers.image.title="ATCR Hold Service" \
      org.opencontainers.image.description="ATCR Hold Service - Bring Your Own Storage component for ATCR" \
      org.opencontainers.image.authors="ATCR Contributors" \
      org.opencontainers.image.source="https://tangled.org/evan.jarrett.net/at-container-registry" \
      org.opencontainers.image.documentation="https://tangled.org/evan.jarrett.net/at-container-registry" \
      org.opencontainers.image.licenses="MIT" \
      org.opencontainers.image.version="0.1.0" \
      io.atcr.icon="https://imgs.blue/evan.jarrett.net/1TpTOdtS60GdJWBYEqtK22y688jajbQ9a5kbYRFtwuqrkBAE" \
      io.atcr.readme="https://tangled.org/evan.jarrett.net/at-container-registry/raw/main/docs/hold.md"

ENTRYPOINT ["/atcr-hold"]