# ---------- build ----------
FROM golang:1.24-alpine AS build
WORKDIR /src
COPY . .
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/filesvc ./cmd/filesvc

# ---------- run ----------
FROM alpine:3.22
RUN adduser -D -u 10001 filesvc && apk add --no-cache ca-certificates
USER filesvc
WORKDIR /app

# Daten & Schlüssel landen unter /data (als Volume mounten)
ENV CONFIG_DIR=/data \
    ADDR=:8080 \
    MESH_ADDR=:8443 \
    BEACON_ADDR=:9443 \
    MAX_BODY_BYTES=8388608

COPY --from=build /out/filesvc /app/filesvc
EXPOSE 8080 8443 9443
ENTRYPOINT ["/app/filesvc"]