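# Target platform for the Go build, overridable with --build-arg.
# ARGs declared before the first FROM are only visible to FROM lines, so the
# builder stage re-declares them below.
ARG GOOS=linux
ARG GOARCH=amd64

# NOTE(review): golang:1-alpine and alpine:3 are floating tags. Pin a specific
# version (ideally a digest) so rebuilds are reproducible and auditable.

# Build stage
FROM golang:1-alpine AS builder
WORKDIR /app
# Bring the global ARGs into this stage. Without these two lines ${GOOS} and
# ${GOARCH} are empty inside RUN and the --build-arg values never reach go build.
ARG GOOS
ARG GOARCH
# NOTE(review): this copies the entire build context into the stage; keep a
# .dockerignore that excludes .git, local config files and credentials.
COPY . .
RUN CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} \
    go build -ldflags="-s -w" -o zurg cmd/zurg/main.go

# Obfuscation stage (UPX packing is currently disabled, so the binary passes
# through unchanged and this stage only generates the health check script)
FROM alpine:3 AS obfuscator
WORKDIR /app
COPY --from=builder /app/zurg .
# RUN apk add --no-cache upx
# RUN upx --brute zurg

# Create a health check script that reads the port from the config file.
# The original called `yaml read`, but none of the packages installed in the
# final image provide a `yaml` command, so the check could never succeed.
# sed is used instead; it assumes a top-level `port: <number>` line, which is
# what the original `yaml read /app/config.yml port` lookup implied.
# Single quotes are intentional: $(...) and $port must land in the script
# unexpanded. An empty port fails the check instead of probing nothing.
RUN printf '%s\n' \
      '#!/bin/sh' \
      'port=$(sed -n "s/^port:[[:space:]]*\([0-9][0-9]*\).*/\1/p" /app/config.yml | head -n 1)' \
      '[ -n "$port" ] || exit 1' \
      'nc -z localhost "$port" || exit 1' \
      > /app/healthcheck.sh \
    && chmod +x /app/healthcheck.sh

# Final stage
FROM alpine:3
WORKDIR /app

# Accept UID and GID as build arguments with default values
ARG UID=1000
ARG GID=1000

# Create the unprivileged group and user the service runs as
RUN addgroup -g ${GID} appgroup \
    && adduser -u ${UID} -D -G appgroup appuser

# Give appuser ownership of /app. The files copied below carry no --chown and
# therefore stay root-owned, but appuser owns the directory itself and can
# still add, rename or delete entries in it.
RUN chown -R appuser:appgroup /app

# Copy the binary and the health check script from the obfuscator stage
COPY --from=obfuscator /app/zurg .
COPY --from=obfuscator /app/healthcheck.sh .

# Ship the example configuration as the default config.yml
COPY config.yml.example /app/config.yml

# Install runtime dependencies and configure FUSE.
# user_allow_other lets non-root users pass the allow_other / allow_root mount
# options, which makes a FUSE mount created by appuser visible to other users.
# NOTE(review): confirm the deployment needs this; it widens who can read the mount.
# NOTE(review): yaml-cpp is a library package with no CLI; kept as in the
# original, drop it if nothing else depends on it.
RUN apk add --no-cache \
      fuse3 \
      netcat-openbsd \
      yaml-cpp \
    && echo 'user_allow_other' >> /etc/fuse.conf

# Use the non-root user to run the application
USER appuser

# Probe the configured port; exec form avoids an extra /bin/sh -c wrapper
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
  CMD ["/app/healthcheck.sh"]

ENTRYPOINT ["./zurg"]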