# Build Stage
FROM golang:1.21-alpine AS build

# Install necessary packages including CA certificates
RUN apk --no-cache add ca-certificates tzdata git curl

WORKDIR /src

# Copy go mod files first for better caching
COPY go.mod go.sum ./

# Download dependencies
RUN go mod download

# Copy source code
COPY . .

# Build the application
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o /app cmd/server/main.go

# Development Stage
FROM golang:1.21-alpine AS development

# Install air for live reload and other dev tools
RUN go install github.com/cosmtrek/air@latest

# Install necessary packages
RUN apk --no-cache add ca-certificates tzdata git curl

WORKDIR /app

# Copy go mod files
COPY go.mod go.sum ./
RUN go mod download

# Copy source code
COPY . .

# Set timezone
ENV TZ=Asia/Jakarta

# Expose port
EXPOSE 3300

# Use air for live reload in development
CMD ["air", "-c", ".air.toml"]

# Migration Stage
FROM build AS migration

# Install migration tool
RUN go install -tags 'postgres' github.com/golang-migrate/migrate/v4/cmd/migrate@latest

WORKDIR /app

# Copy migration files
COPY migrations ./migrations
COPY infra ./infra

# Set the entrypoint for migrations
ENTRYPOINT ["migrate"]

# Production Stage
FROM debian:bullseye-slim AS production

# Install minimal runtime dependencies + Chrome, Chromium, and wkhtmltopdf for PDF generation
RUN apt-get update && apt-get install -y \
    ca-certificates \
    tzdata \
    curl \
    fontconfig \
    wget \
    gnupg \
    && wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \
    && echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list \
    && apt-get update \
    && apt-get install -y google-chrome-stable chromium wkhtmltopdf \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user for security
RUN groupadd -r appuser && useradd -r -g appuser appuser

# Copy the binary
COPY --from=build /app /app

# Copy configuration files
COPY --from=build /src/infra /infra

# Change ownership to non-root user
RUN chown -R appuser:appuser /app /infra

# Set timezone
ENV TZ=Asia/Jakarta

# Expose port
EXPOSE 3300

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
  CMD curl -f http://localhost:3300/health || exit 1

# Switch to non-root user
USER appuser

# Set the entrypoint
ENTRYPOINT ["/app"]
