# Multi-stage build: compile a static Go binary, ship it on distroless.
# No host Go toolchain required — everything happens inside the build stage.
FROM golang:1.25-bookworm AS build
WORKDIR /src

# No local Go toolchain is available to maintain go.sum, so resolve and lock
# dependencies inside the build (network is available here). `go mod tidy`
# reads the imports from the source and writes go.mod/go.sum, then we build.
COPY . .
RUN go mod tidy
RUN go test ./...
ARG BUILD_VERSION=dev
RUN CGO_ENABLED=0 GOOS=linux go build \
    -trimpath \
    -ldflags "-s -w -X main.buildVersion=${BUILD_VERSION}" \
    -o /out/tracker-go .

FROM gcr.io/distroless/static-debian12:nonroot
COPY --from=build /out/tracker-go /tracker-go
EXPOSE 8770
ENTRYPOINT ["/tracker-go"]