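# Dockerfile
#
# Two-stage build: compile a static Go binary in an Alpine-based builder,
# then ship only the binary, the CA bundle and tzdata in a scratch image.

# NOTE(review): the base image is pinned by tag only. Pinning by digest
# (golang:1.21-alpine@sha256:<digest>) makes the build reproducible and
# guards against a re-pushed tag.
FROM golang:1.21-alpine AS builder

# Install build dependencies. ca-certificates and tzdata are copied into the
# final image below; git is presumably needed by `go mod download` for
# VCS-hosted modules.
RUN apk add --no-cache \
        ca-certificates \
        git \
        tzdata

# Set working directory
WORKDIR /app

# Copy go mod files first so the dependency layer stays cached until they change
COPY go.mod go.sum ./

# Download dependencies
RUN go mod download

# Copy source code.
# NOTE(review): this copies the whole build context into the builder stage.
# Keep a .dockerignore (.git, .env, local keys, build output) so credentials
# never enter a builder layer or the build cache.
COPY . .

# Build a statically linked binary (CGO disabled) so it can run on scratch
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo \
        -ldflags '-extldflags "-static"' -o plcdns .

# Final stage: no shell, no package manager, no libc
FROM scratch

# Copy CA certificates from builder
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

# Copy timezone data
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo

# Copy the binary
COPY --from=builder /app/plcdns /plcdns

# Expose DNS ports (UDP and TCP); EXPOSE is documentation only
EXPOSE 53/udp 53/tcp

# Set default environment variables
ENV DNS_PORT=53

# Run as a non-root user. scratch has no /etc/passwd, so the IDs are numeric.
# NOTE(review): binding port 53 as non-root depends on the runtime. Docker
# Engine >= 20.10 allows unprivileged low-port binds by default; elsewhere
# the bind may fail unless net.ipv4.ip_unprivileged_port_start is lowered or
# NET_BIND_SERVICE actually reaches the non-root process. Confirm against the
# deployment target.
USER 65534:65534

# Health check.
# Exec form only: this image has no /bin/sh, so a shell-form probe (anything
# with "|| exit 1" appended) cannot be executed and the container would always
# be reported unhealthy. A non-zero exit from the probe already marks the
# check as failed.
# NOTE(review): "-h" only shows that the binary can start; it does not prove
# the server is answering DNS queries. Confirm that it exits 0, and prefer a
# dedicated probe mode if plcdns provides one.
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD ["/plcdns", "-h"]

# Run the application
ENTRYPOINT ["/plcdns"]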