From 38edbf63cc54f83f08c075624b7b6476a1297ad0 Mon Sep 17 00:00:00 2001
From: acty
Date: Tue, 3 Feb 2026 18:05:15 +0900
Subject: [PATCH] feat(01-01): create multi-stage Dockerfile

- Multi-stage build using golang:1.25-bookworm and debian:bookworm-slim
- CGO_ENABLED=0 for static binary compilation
- Cross-platform support via TARGETOS/TARGETARCH
- Non-root user (appuser) for security
- Data volume mount at /data
- Port 32768 exposed
- .dockerignore excludes build artifacts and planning docs
---
.dockerignore | 11 +++++++++++
docker/Dockerfile | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 48 insertions(+)
create mode 100644 .dockerignore
create mode 100644 docker/Dockerfile

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..acb6b04
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,11 @@
+.git
+.gitignore
+README.md
+*.md
+.env
+.env.local
+.DS_Store
+.air.toml
+docker-compose.yml
+.planning/
+tmp/
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..1c544c7
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,37 @@
+# Build stage - use native platform for fast builds
+FROM --platform=$BUILDPLATFORM golang:1.25-bookworm AS builder
+
+WORKDIR /build
+
+# Cache dependencies separately from source code
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build for target platform with static binary
+ARG TARGETOS TARGETARCH
+RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} \
+ go build -ldflags="-w -s" -o /server ./cmd/server
+
+# Runtime stage - debian slim for debugging capability
+FROM debian:bookworm-slim
+
+# Create non-root user for security
+RUN useradd -u 10001 -m appuser
+
+# Switch to non-root user
+USER appuser
+
+# Copy binary from build stage
+COPY --from=builder /server /usr/local/bin/server
+
+# Declare data volume mount point
+VOLUME /data
+
+# Expose application port
+EXPOSE 32768
+
+# Run the server
+CMD ["server"]
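Review bot: The `.env` and `.env.local` entries only match at the build-context root, because .dockerignore patterns are anchored to the root rather than matched at any depth as in .gitignore. Since the builder stage in docker/Dockerfile runs `COPY . .`, an env file in a subdirectory, or one with another suffix such as `.env.production`, would still be sent to the builder and remain in its layers and build cache. Consider replacing the two entries with `**/.env` and `**/.env.*`. The same anchoring applies to `*.md`, which only excludes top-level Markdown files.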
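Review bot: `VOLUME /data` names a path that is never created in the runtime stage, so the mount point will most likely be created root-owned at container start and `appuser` (UID 10001) will be unable to write to it. Create it while still root by extending the user step to `RUN useradd -u 10001 -m appuser && install -d -o appuser -g appuser /data`, keeping that ahead of `USER appuser`. Writing `USER 10001` instead of the name would also let runtimes that enforce a non-root check (for example Kubernetes `runAsNonRoot`) verify the UID from image metadata. Separately, both `FROM` lines use floating tags (`golang:1.25-bookworm`, `debian:bookworm-slim`), so pinning each as `tag@sha256:<digest>` would make builds reproducible and protect against a retagged or tampered base image.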