# Builds Nezha from the patch commit (d7526351cf97, 2026-05-17)
# fix(cron): restrict task delivery by owner — CVE-2026-46716 patch
FROM golang:1.26-alpine AS builder

RUN apk add --no-cache git gcc musl-dev

WORKDIR /src
RUN git clone https://github.com/nezhahq/nezha . && \
    git checkout d7526351cf97

# Create placeholder frontend dists to satisfy go:embed *-dist directive
RUN mkdir -p cmd/dashboard/admin-dist cmd/dashboard/user-dist && \
    printf '<!DOCTYPE html><html><body>Nezha Patched (CVE-2026-46716 lab)</body></html>' \
    > cmd/dashboard/admin-dist/index.html && \
    cp cmd/dashboard/admin-dist/index.html cmd/dashboard/user-dist/index.html

# Generate swagger docs to satisfy the import in controller.go
RUN go install github.com/swaggo/swag/cmd/swag@latest
RUN swag init -g cmd/dashboard/main.go -o cmd/dashboard/docs --parseDependency --parseInternal

# Build the dashboard binary with CGO for go-sqlite3
RUN CGO_ENABLED=1 go build -o /nezha-dashboard ./cmd/dashboard/

FROM alpine:3.19
RUN apk add --no-cache libc6-compat sqlite-libs
COPY --from=builder /nezha-dashboard /nezha-dashboard
EXPOSE 8008
ENTRYPOINT ["/nezha-dashboard"]