# ---------- Build stage ----------
FROM golang:1.22-alpine AS build
WORKDIR /src
# optional, aber nett für reproduzierbare Builds:
ENV CGO_ENABLED=0
# Falls du private CAs brauchst, sonst weglassen:
RUN apk add --no-cache ca-certificates
COPY go.mod ./
COPY main.go ./
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /out/mirrorweb

# ---------- Runtime stage ----------
FROM alpine:3.20
# Für TLS (falls du Traefik mal nicht davor hast) und saubere Zeit:
RUN apk add --no-cache ca-certificates tzdata && update-ca-certificates
# Non-root User
RUN addgroup -S app && adduser -S -G app app
USER app
WORKDIR /
VOLUME ["/data"]          # hier hängt dein Mirror-Volume read-only
EXPOSE 8080
COPY --from=build /out/mirrorweb /mirrorweb
ENTRYPOINT ["/mirrorweb"]