From e3fbf65ad6fce5df661fd8f65a089b87ce4379b5 Mon Sep 17 00:00:00 2001
From: loweel <loweel@gmx.de>
Date: Mon, 27 Oct 2025 14:52:33 +0100
Subject: [PATCH] Dockerfile update

---
 Dockerfile | 47 ++++++++++++++++++++++-------------------------
 1 file changed, 22 insertions(+), 25 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index ce09022..9136088 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,41 +1,38 @@
-# ====== STAGE 1: build ======
-FROM golang:latest AS builder
-
-# Installa tool utili per mod e certs (git, ca)
-RUN apt install  git ca-certificates -y
+# ====== STAGE 1: build (Chainguard/Wolfi -> usa apk) ======
+FROM cgr.dev/chainguard/go:latest AS builder
 
+#RUN apk add --no-cache git ca-certificates
 WORKDIR /src
 
+# (consigliato: scarica mod prima per caching)
+#COPY go.mod go.sum ./
+#RUN go mod download
+#RUN go mod vendor
+
 COPY . .
-RUN go mod tidy ; go mod vendor
-
-
-# Compila binario statico e snello
-ENV CGO_ENABLED=0
+RUN go mod tidy
+RUN go mod vendor
+ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
 RUN go build -trimpath -ldflags="-s -w" -o /out/money ./...
 
-# ====== STAGE 2: runtime ======
-FROM alpine:3.20
+# ====== STAGE 2: runtime (Debian da ECR Public) ======
+FROM public.ecr.aws/docker/library/debian:bookworm-slim
 
-# Certificati TLS per HTTPS (Binance/THOR/Matrix) + tzdata opzionale
-RUN apk add --no-cache ca-certificates tzdata
+RUN set -eux; \
+    apt-get update; \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+      ca-certificates tzdata bash curl git; \
+    rm -rf /var/lib/apt/lists/*
 
-# Crea utente non-root
-RUN adduser -D -u 1001 appuser
+# crea utente non-root (USER appuser ti falliva perché non esisteva)
+RUN useradd -r -u 10001 -g root appuser
 
 WORKDIR /app
-
-# Directory dati persistenti (montabili come volume)
-RUN mkdir -p /app/data /app/state && chown -R appuser:appuser /app
-
-# Copia binario
 COPY --from=builder /out/money /app/money
 
-USER appuser
+USER 10001
 
-# Env di default (puoi sovrascriverle in compose)
 ENV DATA_DIR=/app/data \
     STATE_DIR=/app/state
 
-# Avvio demone
-CMD ["/app/money"]
+ENTRYPOINT ["/app/money"]