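# syntax=docker/dockerfile:1

# ============================================================================
# Builder stage
#
# Installs the workspace dependencies for the backend package, compiles it,
# then prunes node_modules down to production dependencies. Nothing from this
# stage reaches the final image except what the runner stage copies explicitly.
# ============================================================================
# NOTE(review): the base image is pinned by tag only. A tag can be re-pushed;
# append the reviewed @sha256 digest to both FROM lines for a reproducible,
# tamper-evident base.
FROM node:22.11.0-slim AS builder

# Corepack is fetched from the npm registry at build time. The default keeps
# the original behaviour (@latest); pass --build-arg COREPACK_VERSION=<reviewed
# version> so a newly published release cannot silently change the toolchain.
ARG COREPACK_VERSION=latest
RUN npm install -g "corepack@${COREPACK_VERSION}" && corepack enable

WORKDIR /app

# Copy only the manifests and lockfile first so the dependency layer stays
# cached until they change.
COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
COPY packages/backend/package.json ./packages/backend/package.json

# --frozen-lockfile fails the build instead of resolving new versions when the
# lockfile and manifests disagree.
RUN pnpm install --frozen-lockfile --filter @sexy.pivoine.art/backend

# Rebuild argon2 native bindings (pnpm v10 build approval bypassed explicitly).
# This is the one dependency whose build script is run on purpose; any further
# package added here executes third-party code during the build and should be
# reviewed first.
RUN pnpm rebuild argon2

# NOTE(review): this copies the whole package directory from the build context.
# Confirm .dockerignore excludes node_modules, .env files and other local
# artefacts so they cannot overwrite the installed tree or leak into a layer.
COPY packages/backend ./packages/backend

RUN pnpm --filter @sexy.pivoine.art/backend build

# Re-install with production dependencies only (-P) so dev tooling is not
# carried into the runner. The lockfile is enforced here as well, so this
# second install cannot resolve versions that were never reviewed.
RUN pnpm install -rP --frozen-lockfile --filter @sexy.pivoine.art/backend

# ============================================================================
# Runner stage
#
# Minimal runtime image: compiled output, production node_modules, ffmpeg and
# an init process. Runs as the unprivileged "node" user.
# ============================================================================
FROM node:22.11.0-slim AS runner

# --no-install-recommends keeps optional packages out of the runtime image.
# ca-certificates is listed explicitly because it was previously pulled in only
# as a Recommends of wget. If the backend relies on an optional ffmpeg helper
# package, add it to this list by name.
RUN apt-get update && apt-get install -y --no-install-recommends \
      ca-certificates \
      dumb-init \
      ffmpeg \
      wget \
    && rm -rf /var/lib/apt/lists/*

# Recreate the "node" account as a system user with a fixed UID/GID of 1000 so
# ownership of bind mounts and volumes is predictable.
RUN userdel -r node && \
    groupadd -r -g 1000 node && \
    useradd -r -u 1000 -g node -m -d /home/node -s /bin/bash node

WORKDIR /home/node/app

# Created as root: the application directories themselves stay root-owned,
# only the copied contents below are handed to the node user.
RUN mkdir -p packages/backend

COPY --from=builder --chown=node:node /app/packages/backend/dist ./packages/backend/dist
COPY --from=builder --chown=node:node /app/packages/backend/node_modules ./packages/backend/node_modules
COPY --from=builder --chown=node:node /app/packages/backend/package.json ./packages/backend/package.json

# The upload directory is the only path outside the home directory that the
# node user owns.
RUN mkdir -p /data/uploads && chown node:node /data/uploads

# Drop privileges before any runtime instruction.
USER node

ENV NODE_ENV=production \
    PORT=4000

EXPOSE 4000

# wget returns several different non-zero codes on failure; Docker documents
# only 0 (healthy) and 1 (unhealthy) for health checks, so normalise to 1.
HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 \
  CMD wget --no-verbose --tries=1 --spider http://localhost:4000/health || exit 1

# dumb-init runs as PID 1 to forward signals and reap child processes
# (ffmpeg is installed above and is presumably spawned by the backend).
ENTRYPOINT ["dumb-init", "--"]
CMD ["node", "packages/backend/dist/index.js"]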