FROM golang:1.25 AS builder

WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download

COPY . .
RUN make build

# ---- runtime image ----------------------------------------------------------
FROM debian:bookworm-slim

RUN apt-get update && apt-get install -y --no-install-recommends \
        iproute2 \
    && rm -rf /var/lib/apt/lists/*

COPY --from=builder /src/bin/maglevd /usr/local/bin/maglevd

# Required capabilities:
#   CAP_NET_RAW  — open raw ICMP sockets for health probing
#
# Grant these in your container runtime, e.g.:
#   docker run --cap-add NET_RAW ...
#   or in Kubernetes via securityContext.capabilities.add

ENTRYPOINT ["/usr/local/bin/maglevd"]