# Workaround for https://github.com/GoogleContainerTools/distroless/issues/1342
FROM golang:1.23.4-bullseye AS builder

WORKDIR /go/src/github.com/ory/keto

RUN apt-get update && apt-get upgrade -y &&\
    mkdir -p /var/lib/sqlite &&\
    mkdir -p ./internal/httpclient

COPY go.mod go.mod
COPY go.sum go.sum

COPY proto/go.mod proto/go.mod
COPY proto/go.sum proto/go.sum

ENV CGO_ENABLED 1

RUN go mod download

COPY . .

RUN go build -buildvcs=false -tags sqlite -o /usr/bin/keto .

#########################

FROM gcr.io/distroless/base-nossl-debian12:nonroot AS runner

COPY --from=builder --chown=nonroot:nonroot /var/lib/sqlite /var/lib/sqlite
COPY --from=builder /usr/bin/keto /usr/bin/keto

VOLUME /var/lib/sqlite

EXPOSE 4466 4467

ENTRYPOINT ["keto"]
CMD ["serve"]
