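# --- Stage 1: Dependencies ---
# Installs the whole workspace dependency tree once; both builder stages start from it.
# NOTE(review): node:22-alpine is a floating tag. Pinning it by digest
# (node:22-alpine@sha256:<digest>) would make rebuilds reproducible and stop a
# retagged base image from changing what gets built.
FROM node:22-alpine AS deps
# python3/make/g++ form a build toolchain (presumably for native addons compiled
# during install); it exists only in the build stages, never in the runner.
RUN apk add --no-cache openssl python3 make g++
RUN corepack enable && corepack prepare pnpm@10.32.0 --activate
WORKDIR /app
# Manifests only, so the install layer is reused until a manifest or the lockfile changes.
COPY package.json pnpm-workspace.yaml pnpm-lock.yaml ./
COPY packages/api/package.json packages/api/
COPY packages/shared/package.json packages/shared/
COPY packages/web/package.json packages/web/
# --frozen-lockfile makes the build fail rather than resolve versions that are
# not recorded in pnpm-lock.yaml.
RUN pnpm install --frozen-lockfile

# --- Stage 2: Build API ---
FROM deps AS api-builder
WORKDIR /app
COPY tsconfig.base.json ./
COPY packages/shared/ packages/shared/
RUN pnpm --filter @davinci/shared build
COPY packages/api/tsconfig.json packages/api/tsconfig.build.json packages/api/nest-cli.json packages/api/prisma.config.ts packages/api/
COPY packages/api/prisma/ packages/api/prisma/
COPY packages/api/src/ packages/api/src/
RUN pnpm --filter @davinci/api prisma:generate
RUN pnpm --filter @davinci/api build

# --- Stage 3: Build Web ---
FROM deps AS web-builder
WORKDIR /app
COPY tsconfig.base.json ./
COPY packages/shared/ packages/shared/
RUN pnpm --filter @davinci/shared build
# NOTE(review): this copies the whole packages/web directory from the build
# context; confirm .dockerignore keeps .env files and local build output out of it.
COPY packages/web/ packages/web/
RUN pnpm --filter @davinci/web build

# --- Stage 4: Runner ---
FROM node:22-alpine AS runner
RUN apk add --no-cache openssl nginx
WORKDIR /app
ENV NODE_ENV=production

# Non-root user. --ingroup makes nodejs the primary group of appuser; BusyBox
# adduser otherwise puts a --system account into "nogroup", which would not
# match the appuser:nodejs ownership applied further down.
RUN addgroup --system --gid 1001 nodejs && \
    adduser --system --uid 1001 --ingroup nodejs appuser

# Copy nginx config
COPY nginx.conf /etc/nginx/http.d/default.conf

# Copy API build
# No --chown on these COPY lines: the application files stay owned by root, so
# the runtime user is not their owner.
COPY --from=api-builder /app/packages/api/dist packages/api/dist
COPY --from=api-builder /app/packages/api/prisma packages/api/prisma
# NOTE(review): both node_modules trees come from the unfiltered install in the
# deps stage, so devDependencies presumably ship in the runtime image. Check what
# entrypoint.sh needs at runtime before pruning them.
COPY --from=api-builder /app/packages/api/node_modules packages/api/node_modules
COPY --from=api-builder /app/packages/api/package.json packages/api/
COPY --from=api-builder /app/node_modules ./node_modules
COPY --from=api-builder /app/package.json ./

# Copy Web standalone build
COPY --from=web-builder /app/packages/web/.next/standalone packages/web/standalone
COPY --from=web-builder /app/packages/web/.next/static packages/web/standalone/packages/web/.next/static
COPY --from=web-builder /app/packages/web/public packages/web/standalone/packages/web/public

# Copy entrypoint
COPY entrypoint.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh

# nginx needs write access to certain dirs; only these three are handed to the
# runtime user, in a single layer.
RUN mkdir -p /run/nginx && \
    chown -R appuser:nodejs /run/nginx /var/log/nginx /var/lib/nginx

# NOTE(review): nginx.conf is not visible here. If it listens on port 80 as this
# EXPOSE suggests, the bind is made by a non-root process and depends on the
# runtime allowing unprivileged low ports; a port >= 1024 avoids that dependency.
EXPOSE 80

USER appuser

# NOTE(review): entrypoint.sh is not visible here. The image holds nginx, the API
# and the web build, so the script presumably starts several processes; confirm it
# forwards signals and reaps children (or run the container with an init).
ENTRYPOINT ["/app/entrypoint.sh"]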