# ---------- build ----------
FROM golang:1.24-alpine AS build
WORKDIR /src 
COPY . .
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/unified ./cmd/unified

# ---------- run ----------
FROM alpine:3.22
RUN adduser -D -u 10001 unified && apk add --no-cache ca-certificates
USER unified
WORKDIR /app

# Daten & Schlüssel landen unter /data (als Volume mounten)
ENV CONFIG_DIR=/data \
    ADDR=:8080 \
    MESH_ADDR=:8443 \
    BEACON_ADDR=:9443 \
    MAX_BODY_BYTES=8388608

COPY --from=build /out/unified /app/unified
EXPOSE 8080 8443 9443
ENTRYPOINT ["/app/unified"]