# This version of Dockerfile is for building without external dependencies.
FROM golang:1.19.0-alpine AS builder
ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
WORKDIR /app
# Avoid invalidating the `go mod download` cache when only code has changed.
COPY go.mod go.sum /app/
RUN go mod download
COPY . /app/
RUN go build -o external-secrets main.go


FROM gcr.io/distroless/static AS app
COPY --from=builder /app/external-secrets /bin/external-secrets

# Run as UID for nobody
USER 65534

ENTRYPOINT ["/bin/external-secrets"]