FROM node:22-alpine AS builder

# Install pnpm
RUN npm install -g pnpm

WORKDIR /app

# Install all deps for building server
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
RUN pnpm install --frozen-lockfile

# Copy only server sources and tsconfig for server build
COPY src/server ./src/server
COPY tsconfig.server.json ./tsconfig.server.json
COPY tsconfig.server.build.json ./tsconfig.server.build.json

# Build server only (no client build)
RUN pnpm tsc -p tsconfig.server.build.json

FROM node:22-alpine AS production

# Install pnpm and required runtime tools
RUN npm install -g pnpm ts-node && apk add --no-cache su-exec curl

# Set working directory
WORKDIR /app

# Copy package files
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./

# Install production dependencies only
RUN pnpm install --frozen-lockfile --prod

# Copy prebuilt application artifacts from repository (no TS build in image)
COPY dist ./dist
# Use freshly built server from builder stage
COPY --from=builder /app/server-dist ./server-dist
COPY public ./public

# Copy necessary runtime files
COPY start.sh ./start.sh

# Create non-root user for security
RUN addgroup -g 1001 -S nodejs
RUN adduser -S nextjs -u 1001

# Make start script executable
RUN chmod +x /app/start.sh

# Change ownership of the app directory (but keep root for .storage)
RUN chown -R nextjs:nodejs /app
RUN chown root:root /app/.storage 2>/dev/null || true

# Don't switch to nextjs user here - the start script will handle it
# USER nextjs

# Expose port
EXPOSE 3000

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD node -e "require('http').get('http://localhost:3000/health', (res) => { process.exit(res.statusCode === 200 ? 0 : 1) })" || exit 1

# Start the application with startup script
CMD ["/app/start.sh"]