# 构建阶段
FROM golang:1.25-alpine AS builder
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .

# 注入公钥
ARG PUBLIC_KEY_BASE64
RUN test -n "$PUBLIC_KEY_BASE64" || (echo "PUBLIC_KEY_BASE64 required" && exit 1)

RUN CGO_ENABLED=0 go build \
  -ldflags="-X main.publicKeyBase64=${PUBLIC_KEY_BASE64}" \
  -o /updater ./cmd/updater

# 运行阶段
FROM alpine:3.20
RUN apk add --no-cache \
  docker-cli \
  docker-cli-compose \
  ca-certificates \
  tzdata

COPY --from=builder /updater /usr/local/bin/updater
EXPOSE 8080
ENTRYPOINT ["updater"]
