FROM amd64/golang:1.26.4@sha256:7e2272a5fbd7b0c36ea4923f6ac62c371cfa6fbd93b22b21ee86fa7a1ba5d720 as modules
WORKDIR /build
ENV GOPRIVATE=gitea.unbound.se/shiny,gitea.unbound.se/unboundsoftware
ADD go.* /build
RUN go mod download

FROM modules as build
ARG CI_COMMIT
WORKDIR /build
ENV CGO_ENABLED=0
ADD . /build
RUN GOOS=linux GOARCH=amd64 go build \
        -tags prod \
        -a -installsuffix cgo \
        -mod=readonly \
        -o /release/service \
        -ldflags "-w -s -X main.buildVersion=${CI_COMMIT}" \
        ./cmd/service/service.go

FROM scratch
ENV TZ Europe/Stockholm
COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /release/service /
CMD ["/service"]
