FROM golang:1.22-alpine3.20 AS builder

WORKDIR /app
COPY . .

RUN go mod download && go mod verify
RUN CGO_ENABLED=0 go build -ldflags="-s -w" -trimpath -o build/goscan

FROM alpine:3.20
LABEL maintainer="shane@scaffoe.com" \
    org.opencontainers.image.authors="Shane C." \
    org.opencontainers.image.source="https://git.shadowhosting.xyz/shanec/goscan" \
    org.opencontainers.image.licenses="Unlicense" \
    org.opencontainers.image.title="GoScan (GoSec Scanner for Forgejo)"

RUN apk --no-cache update && apk --no-cache upgrade && apk add curl dumb-init bash ca-certificates && rm -rf /var/cache/apk/*

COPY --from=builder /app/build/goscan /goscan
COPY ./docker/daemon_entrypoint.sh /usr/local/bin/docker-entrypoint.sh

RUN addgroup -S -g 1000 goscan && adduser -S -H -D -h /var/lib/goscan -s /bin/bash -u 1000 -G goscan goscan
RUN mkdir -p /var/lib/goscan && chown -R goscan:goscan /var/lib/goscan

USER 1000:1000
ENV HOME="/var/lib/goscan"
VOLUME ["/var/lib/goscan"]
WORKDIR /var/lib/goscan

ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
CMD []