new dockerfile for staged yt-dlp/deno/go builds to distroless container

Dockerfile

@@ -1,6 +1,84 @@
-FROM python:3.14.2-alpine3.22
-COPY ./app /app
-WORKDIR /app
-RUN apk add ffmpeg deno
-RUN pip install -r requirements.txt
-CMD ["python", "/app/main.py"]
+# Portions of this Dockerfile are sourced from GPLv3 licensed `yt-dlp slim` by Henrique Almeida (https://github.com/h3nc4/yt-dlp-slim)
+# Derivations to this Dockerfile in this repository following March 3, 2026 should be considered licensed under this project's MIT license (see ../LICENSE) unless otherwise stated
+
+########################################
+# Versions
+ARG YT_DLP_VERSION="2026.03.03"
+
+################################################################################
+# Deno builder stage
+FROM denoland/deno:bin-2.6.6@sha256:9f18d20207f2699595ea26d14e0b7e123cd0cd01100a577bc11f8ca5906c2d81 AS deno-builder
+
+################################################################################
+# FFmpeg builder stage
+FROM debian:13-slim@sha256:1d3c811171a08a5adaa4a163fbafd96b61b87aa871bbc7aa15431ac275d3d430 AS ffmpeg-builder
+RUN apt-get update && \
+  apt-get install -y --no-install-recommends ffmpeg
+RUN mkdir -p /rootfs/bin && \
+  cp /usr/bin/ffmpeg /usr/bin/ffprobe /rootfs/bin/ && \
+  ldd /usr/bin/ffmpeg | grep "=> /" | awk '{print $3}' | \
+  xargs -I '{}' cp --parents '{}' /rootfs && \
+  cp --parents /lib/x86_64-linux-gnu/libdl.so.2 /rootfs && \
+  cp --parents /lib/x86_64-linux-gnu/libpthread.so.0 /rootfs && \
+  cp --parents /lib/x86_64-linux-gnu/libutil.so.1 /rootfs && \
+  cp --parents /lib/x86_64-linux-gnu/librt.so.1 /rootfs && \
+  cp --parents /lib64/ld-linux-x86-64.so.2 /rootfs
+
+################################################################################
+# YT-DLP builder stage
+FROM alpine:3.23@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659 AS yt-dlp-builder
+ARG YT_DLP_VERSION
+
+RUN mkdir -p /rootfs/target /rootfs/tmp /rootfs/bin
+
+ADD "https://github.com/yt-dlp/yt-dlp/releases/download/${YT_DLP_VERSION}/yt-dlp_linux" /yt-dlp_linux
+ADD "https://github.com/yt-dlp/yt-dlp/releases/download/${YT_DLP_VERSION}/SHA2-256SUMS" /SHA2-256SUMS
+ADD "https://github.com/yt-dlp/yt-dlp/releases/download/${YT_DLP_VERSION}/SHA2-256SUMS.sig" /SHA2-256SUMS.sig
+ADD "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xAC0CBBE6848D6A873464AF4E57CF65933B5A7581" "/yt-dlp_pubkey.asc"
+
+RUN apk add --no-cache gnupg && \
+  gpg --import /yt-dlp_pubkey.asc && \
+  gpg --verify /SHA2-256SUMS.sig /SHA2-256SUMS && \
+  grep " yt-dlp_linux$" /SHA2-256SUMS | sha256sum -c -
+
+RUN mv /yt-dlp_linux /rootfs/bin/yt-dlp && \
+  chmod 755 /rootfs/bin/yt-dlp && \
+  chmod 1777 /rootfs/tmp
+
+################################################################################
+# App builder stage
+FROM golang:1.25.8-trixie@sha256:bc16125656839ffe56154c675f7a9662bec2ef7d4060177239914e7c6d2fd8a8 AS app-builder
+
+COPY app/ /opt/app
+WORKDIR /opt/app
+
+RUN go get && go build -o out/yt-dlp-bot
+
+################################################################################
+# Final squashed image
+FROM scratch AS final
+
+# Copy deno, yt-dlp, and ffmpeg binaries
+COPY --from=deno-builder /deno /bin/deno
+COPY --from=yt-dlp-builder /rootfs /
+COPY --from=ffmpeg-builder /rootfs/ /
+
+# Copy yt-dlp-bot app binary
+COPY --from=app-builder /opt/app/out/yt-dlp-bot /bin/
+
+# Copy SSL CA's (needed for Discord)
+COPY --from=app-builder /etc/ssl/certs /etc/ssl/certs
+
+WORKDIR /target
+ENV XDG_CACHE_HOME=/tmp/.cache
+
+ENV YTDLP_BIN=/bin/yt-dlp
+
+ENTRYPOINT ["/bin/yt-dlp-bot"]
+
+LABEL org.opencontainers.image.title="yt-dlp bot" \
+  org.opencontainers.image.description="A totally overengineered Discord bot to locally download YouTube videos for private use" \
+  org.opencontainers.image.authors="William Peebles <me@williamtpeebles.com>" \
+  org.opencontainers.image.vendor="William Peebles" \
+  org.opencontainers.image.licenses="MIT" \
+  org.opencontainers.image.source="https://git.dubyatp.xyz/williamp/yt-dlp-bot"