# Build stage
FROM golang:1.22-alpine AS builder

WORKDIR /build

# Copy go mod files
COPY go.mod go.sum* ./
RUN go mod download || go mod tidy

# Copy source
COPY . .

# Build arguments for version injection
ARG VERSION=dev
ARG GIT_COMMIT=unknown
ARG BUILD_TIME=unknown

# Build with ldflags
RUN CGO_ENABLED=0 GOOS=linux go build \
    -ldflags="-s -w -X main.version=${VERSION} -X main.gitCommit=${GIT_COMMIT} -X main.buildTime=${BUILD_TIME}" \
    -o obm ./cmd/obm

# Runtime stage
FROM alpine:3.20

WORKDIR /app

# Install ca-certificates for HTTPS
RUN apk --no-cache add ca-certificates tzdata

# Copy binary from builder
COPY --from=builder /build/obm /usr/local/bin/obm

# Create non-root user
RUN addgroup -g 1000 obm && \
    adduser -D -u 1000 -G obm -h /home/obm obm && \
    chown -R obm:obm /app

USER obm

# Set entrypoint
ENTRYPOINT ["obm"]
CMD ["--help"]