# Stage 1: Build the kubeopencode unified binary

FROM golang:1.26-alpine AS builder

ARG TARGETOS

ARG TARGETARCH

ARG VERSION=dev

ARG GIT_COMMIT=unknown

ARG BUILD_TIME=unknown

WORKDIR /workspace

# Copy the Go Modules manifests

COPY go.mod go.mod

COPY go.sum go.sum

# Copy the go source

COPY cmd/ cmd/

COPY api/ api/

COPY internal/ internal/

COPY vendor/ vendor/

COPY ui/ ui/

# Build using vendor directory (faster, no download needed)

# Build the unified kubeopencode binary with all subcommands

RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build \

-mod=vendor \

-ldflags="-s -w -X main.Version=${VERSION} -X main.GitCommit=${GIT_COMMIT} -X main.BuildDate=${BUILD_TIME}" \

-a \

-o kubeopencode \

./cmd/kubeopencode/

# Runtime stage - use alpine for git and ssh (required for git-init)

FROM alpine:3.23

# Re-declare ARGs for this stage (ARGs don't persist across stages)

ARG GIT_COMMIT=unknown

ARG BUILD_TIME=unknown

# Install git, ssh client, and Node.js/npm

# - git + openssh-client: repository cloning (git-init subcommand)

# - nodejs + npm: plugin dependency installation (plugin-init subcommand)

RUN apk add --no-cache \

git \

openssh-client \

tzdata \

nodejs \

npm \

&& rm -rf /var/cache/apk/*

# Add labels for traceability

LABEL org.opencontainers.image.revision="${GIT_COMMIT}" \

org.opencontainers.image.created="${BUILD_TIME}" \

org.opencontainers.image.source="https://github.com/kubeopencode/kubeopencode" \

org.opencontainers.image.title="kubeopencode" \

org.opencontainers.image.description="KubeOpenCode - Kubernetes-native AI task execution"

# Copy the binary from builder

COPY --from=builder /workspace/kubeopencode /kubeopencode

# Create the default directories for git-init and save-session

RUN mkdir -p /git /pvc /signal && chmod 777 /git /pvc /signal

# Run as non-root user for security

RUN adduser -D -u 65532 kubeopencode

USER 65532

ENTRYPOINT ["/kubeopencode"]