# ===== build stage =====
FROM harbor.merlin.xin/mirrors/docker.io/library/maven:3.9.6-eclipse-temurin-17 AS builder

WORKDIR /app
COPY pom.xml .
RUN --mount=type=cache,target=/root/.m2 mvn -B -q dependency:go-offline

COPY . .
RUN --mount=type=cache,target=/root/.m2 mvn -B -q package -DskipTests


# ===== runtime stage =====
FROM harbor.merlin.xin/mirrors/docker.io/library/eclipse-temurin:17-jre-alpine

WORKDIR /app
COPY --from=builder /app/target/*.jar app.jar

RUN mkdir /app/uploads/photo

# 非 root 用户运行
RUN addgroup -S spring && adduser -S spring -G spring
USER spring

ENTRYPOINT ["java","-jar","/app/app.jar"]