breakpilot-compliance/ai-compliance-sdk/Dockerfile

# Build stage
FROM golang:1.24-alpine AS builder

WORKDIR /app

# Install git (required for go mod)
RUN apk add --no-cache git

# Copy go mod files
COPY go.mod go.sum* ./
RUN go mod download

# Copy source code
COPY . .

# Build the application
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o /ai-compliance-sdk ./cmd/server

# Runtime stage
FROM alpine:3.21

WORKDIR /app

# Install CA certificates for HTTPS
RUN apk --no-cache add ca-certificates tzdata

# Copy binary from builder
COPY --from=builder /ai-compliance-sdk .

# Copy migrations
COPY migrations/ ./migrations/

# Copy policy files (YAML rules)
COPY policies/ ./policies/

# Copy Compliance Execution Graph data (file-backed: Registry join-key copy + accepted control
# mappings + evidence requirements) consumed by GET /sdk/v1/compliance/obligation-status.
COPY data/control_mappings/ ./data/control_mappings/
COPY data/evidence_requirements/ ./data/evidence_requirements/
COPY data/obligations/ ./data/obligations/

# Create non-root user
RUN adduser -D -u 1000 appuser
USER appuser

# Expose port
ARG BUILD_SHA="unknown"
ENV BUILD_SHA=${BUILD_SHA}

EXPOSE 8090

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:8090/health || exit 1

# Run the application
CMD ["./ai-compliance-sdk"]