# ====== STAGE 1: build ======
FROM golang:latest AS builder

# Installa tool utili per mod e certs (git, ca)
RUN apt install  git ca-certificates -y

WORKDIR /src

COPY . .
RUN go mod tidy ; go mod vendor


# Compila binario statico e snello
ENV CGO_ENABLED=0
RUN go build -trimpath -ldflags="-s -w" -o /out/money ./...

# ====== STAGE 2: runtime ======
FROM alpine:3.20

# Certificati TLS per HTTPS (Binance/THOR/Matrix) + tzdata opzionale
RUN apk add --no-cache ca-certificates tzdata

# Crea utente non-root
RUN adduser -D -u 1001 appuser

WORKDIR /app

# Directory dati persistenti (montabili come volume)
RUN mkdir -p /app/data /app/state && chown -R appuser:appuser /app

# Copia binario
COPY --from=builder /out/money /app/money

USER appuser

# Env di default (puoi sovrascriverle in compose)
ENV DATA_DIR=/app/data \
    STATE_DIR=/app/state

# Avvio demone
CMD ["/app/money"]