veza/veza-backend-api/Dockerfile

# Build stage
FROM golang:1.24-alpine AS builder

WORKDIR /app

# Install build dependencies
RUN apk add --no-cache git ca-certificates tzdata

# Copy go mod files first for better caching
COPY go.mod go.sum ./

# Download dependencies (this layer will be cached if go.mod/go.sum don't change)
RUN go mod download

# Copy source code
COPY . .

# Build the application
# Using CGO_ENABLED=0 for static binary and smaller size
# Using -ldflags to reduce binary size
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
    -a -installsuffix cgo \
    -ldflags="-w -s" \
    -o veza-api \
    ./cmd/api/main.go

# Runtime stage
FROM alpine:latest

# Install runtime dependencies (clamav for virus scanning in v0.101)
RUN apk --no-cache add ca-certificates tzdata wget clamav

# Create non-root user for security
RUN addgroup -g 1001 -S app && \
    adduser -S app -u 1001 -G app

# Create app directory
WORKDIR /app

# Copy binary from builder
COPY --from=builder /app/veza-api /app/veza-api

# Copy docs directory if it exists (generated by swaggo)
COPY --from=builder /app/docs /app/docs

# Copy migrations if they exist
COPY --from=builder /app/migrations /app/migrations

# Change ownership to non-root user
RUN chown -R app:app /app

# Switch to non-root user
USER app

# Expose port
EXPOSE 8080

# Health check
# P3.2: Use /api/v1/health endpoint created in P1.6
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/api/v1/health || exit 1

# Run the application
CMD ["./veza-api"]