photography/backend/Dockerfile

# Photography Portfolio Backend Dockerfile
# 多阶段构建，优化镜像大小和安全性

# Stage 1: 构建阶段
FROM hub.skillixx.com/golang:1.23-alpine AS builder

# 设置工作目录
WORKDIR /app

# 配置镜像源加速
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories

# 安装构建依赖 (包含CGO所需的gcc和sqlite3开发库)
RUN apk add --no-cache git ca-certificates tzdata gcc musl-dev sqlite-dev

# 配置 Go 模块代理
ENV GOPROXY=https://goproxy.cn,direct
ENV GOSUMDB=sum.golang.google.cn

# 复制 go mod 文件并下载依赖
COPY go.mod go.sum ./
RUN go mod download

# 复制源代码
COPY . .

# 构建应用程序 (启用CGO支持SQLite，使用动态链接)
RUN CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build \
    -ldflags='-w -s' \
    -tags "sqlite_omit_load_extension" \
    -o photography-api \
    ./cmd/api/main.go

# 构建迁移工具 (启用CGO支持SQLite，使用动态链接)
RUN CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build \
    -ldflags='-w -s' \
    -tags "sqlite_omit_load_extension" \
    -o migrate \
    ./cmd/migrate/main.go

# Stage 2: 运行阶段
FROM alpine:3.19

# 配置镜像源加速
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories

# 安装运行时依赖 (包含SQLite动态库)
RUN apk add --no-cache ca-certificates tzdata sqlite

# 创建非root用户
RUN addgroup -g 1001 -S appgroup && \
    adduser -S appuser -G appgroup -u 1001

# 从builder阶段复制编译好的二进制文件
COPY --from=builder /app/photography-api /usr/local/bin/photography-api
COPY --from=builder /app/migrate /usr/local/bin/migrate

# 复制配置文件和脚本
COPY --from=builder /app/configs /configs
COPY --from=builder /app/scripts /scripts
COPY --from=builder /app/pkg/migration /pkg/migration
COPY --from=builder /app/etc /etc

# 设置目录权限
RUN mkdir -p /app && \
    chown -R appuser:appgroup /app

# 设置时区
ENV TZ=Asia/Shanghai

# 创建工作目录
WORKDIR /app

# 使用非root用户运行
USER appuser:appgroup

# 暴露端口
EXPOSE 8080

# 健康检查
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD ["/usr/local/bin/photography-api", "--health-check"]

# 启动应用
ENTRYPOINT ["/usr/local/bin/photography-api"]