From fe5603e2061f0d827893b128e7af2abe98b76ea8 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <aksdb@gmx.de>
Date: Fri, 1 May 2026 22:05:29 +0200
Subject: [PATCH] build: add Containerfile for multi-stage container image

Three stages: node:24-alpine builds the Svelte SPA, golang:1.26-alpine
compiles the Go binary with embedded assets (-tags production), and
alpine:3.21 is the minimal runtime.

Runs as unprivileged user (uid 1000). DB_PATH defaults to /data/wotra.db
so a volume mount at /data provides persistent storage.

  podman run -e AUTH_TOKEN=secret -p 8080:8080 -v wotra-data:/data wotra
---
 Containerfile | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 Containerfile

diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..dff6bc7
--- /dev/null
+++ b/Containerfile
@@ -0,0 +1,38 @@
+# ── Stage 1: build Svelte frontend ──────────────────────────────────────────
+FROM node:24-alpine AS web-builder
+
+WORKDIR /app/web
+COPY web/package*.json ./
+RUN npm ci --legacy-peer-deps
+COPY web/ ./
+RUN npm run build
+
+# ── Stage 2: build Go binary ─────────────────────────────────────────────────
+FROM golang:1.26-alpine AS go-builder
+
+WORKDIR /app
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY . .
+COPY --from=web-builder /app/web/build ./web/build
+
+RUN go build -tags production -o wotra ./cmd/wotra
+
+# ── Stage 3: minimal runtime image ───────────────────────────────────────────
+FROM alpine:3.21
+
+RUN adduser -D -u 1000 wotra
+
+WORKDIR /data
+USER wotra
+
+COPY --from=go-builder /app/wotra /usr/local/bin/wotra
+
+EXPOSE 8080
+
+ENV PORT=8080 \
+    DB_PATH=/data/wotra.db \
+    TZ=UTC
+
+ENTRYPOINT ["/usr/local/bin/wotra"]