FROM golang:1.25-alpine AS builder

WORKDIR /build

RUN apk add --no-cache git make

COPY go.mod go.sum ./
RUN go mod download

COPY . .

RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
    go build -trimpath -ldflags "-s -w" \
    -o memoh-server ./cmd/agent/main.go

FROM alpine:latest

WORKDIR /app

RUN apk add --no-cache ca-certificates tzdata wget nerdctl cni-plugins iptables \
    && mkdir -p /opt/cni/bin \
    && (cp -a /usr/lib/cni/. /opt/cni/bin/ 2>/dev/null || true) \
    && (cp -a /usr/libexec/cni/. /opt/cni/bin/ 2>/dev/null || true) \
    && mkdir -p /etc/cni/net.d /var/lib/cni \
    && printf '%s\n' \
      '{' \
      '  "cniVersion": "1.0.0",' \
      '  "name": "memoh-cni",' \
      '  "plugins": [' \
      '    {' \
      '      "type": "bridge",' \
      '      "bridge": "cni0",' \
      '      "isGateway": true,' \
      '      "ipMasq": true,' \
      '      "promiscMode": true,' \
      '      "ipam": {' \
      '        "type": "host-local",' \
      '        "ranges": [[' \
      '          { "subnet": "10.88.0.0/16" }' \
      '        ]],' \
      '        "routes": [' \
      '          { "dst": "0.0.0.0/0" }' \
      '        ]' \
      '      }' \
      '    },' \
      '    {' \
      '      "type": "portmap",' \
      '      "capabilities": { "portMappings": true }' \
      '    }' \
      '  ]' \
      '}' > /etc/cni/net.d/10-memoh.conflist

COPY --from=builder /build/memoh-server /app/memoh-server
COPY --from=builder /build/spec /app/spec

RUN mkdir -p /opt/memoh/data

EXPOSE 8080

HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1

CMD ["/app/memoh-server"]