# syntax=docker/dockerfile:1.7

# -------- build stage --------
FROM node:20-alpine AS build
# NOTE(review): the base image is referenced by a floating tag, so its contents
# can change between builds. Pinning by digest (node:20-alpine@sha256:<digest>)
# would make the build reproducible and auditable.
WORKDIR /app

# Native prerequisites: openssl for Prisma, libc6-compat for sharp on Alpine.
RUN apk add --no-cache libc6-compat openssl

# Manifests go in first so the dependency layer stays cached until they change.
# `npm ci` installs exactly what package-lock.json records; dependency
# lifecycle scripts execute during this step.
COPY package.json package-lock.json ./
RUN npm ci

# NOTE(review): this copies the entire build context. No .dockerignore is
# visible from here. Confirm one excludes .git, .env* and any host
# node_modules, so local secrets never land in a layer or in the Next.js build.
COPY . .

# Generate the Prisma client, then build Next.js.
# `prisma db push` is deliberately not run at build time: the schema is applied
# at container start against the persistent volume (see CMD in the runtime
# stage).
RUN npx prisma generate
RUN SKIP_ENV_VALIDATION=1 NEXT_TELEMETRY_DISABLED=1 npx next build

# Strip devDependencies so only production packages are copied to the runtime
# stage.
# NOTE(review): the runtime CMD calls `npx prisma`; presumably the prisma CLI is
# listed under "dependencies". If it is a devDependency it is removed here and
# npx would try to resolve it from the registry at container start. Verify
# against package.json.
RUN npm prune --omit=dev


# -------- runtime stage --------
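FROM node:20-alpine AS runner
# NOTE(review): floating tag. Pin by digest (node:20-alpine@sha256:<digest>)
# so the runtime image is built from a known, reviewable base.
WORKDIR /app

# DATABASE_URL is only the path of the SQLite file on the data volume, not a
# credential. ENV values are readable from the image metadata, so a connection
# string carrying a password should be supplied at run time instead.
ENV NODE_ENV=production \
    NEXT_TELEMETRY_DISABLED=1 \
    PORT=3000 \
    HOSTNAME=0.0.0.0 \
    DATABASE_URL=file:/app/data/prod.db

# Runtime libraries plus an unprivileged account with fixed UID/GID 1001.
# - wget is not installed: the BusyBox wget applet already present in the
#   Alpine base covers the HEALTHCHECK probe, so the extra package only added
#   attack surface.
# - `-G nodejs` makes nodejs the primary group of nextjs, so the account
#   matches the nextjs:nodejs ownership applied to the files below.
# - /app/data is created and chowned before VOLUME so the ownership is what a
#   freshly created volume is seeded with.
RUN apk add --no-cache libc6-compat openssl \
    && addgroup -g 1001 -S nodejs \
    && adduser -S -u 1001 -G nodejs nextjs \
    && mkdir -p /app/data \
    && chown -R nextjs:nodejs /app

# Only build artifacts and production node_modules are taken from the build
# stage; sources and build tooling stay behind.
# NOTE(review): every copied file is owned by the runtime user, so the server
# process can modify its own code and dependencies. Consider leaving
# node_modules, prisma and the config files root-owned once it is confirmed
# which paths `next start` needs to write to.
COPY --from=build --chown=nextjs:nodejs /app/package.json /app/package-lock.json ./
COPY --from=build --chown=nextjs:nodejs /app/node_modules ./node_modules
COPY --from=build --chown=nextjs:nodejs /app/.next ./.next
COPY --from=build --chown=nextjs:nodejs /app/public ./public
COPY --from=build --chown=nextjs:nodejs /app/prisma ./prisma
COPY --from=build --chown=nextjs:nodejs /app/next.config.js ./
COPY --from=build --chown=nextjs:nodejs /app/middleware.ts ./middleware.ts

# Drop root before anything is executed at run time.
USER nextjs

VOLUME ["/app/data"]
EXPOSE 3000

# Loopback probe of the running server; the response body is discarded.
HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
  CMD wget -qO- http://127.0.0.1:3000/ >/dev/null || exit 1

# Apply the schema to the SQLite file on the persistent volume, then start Next.
# `exec` replaces the wrapper shell with the server command, so stop signals
# from the container runtime reach it instead of an idle sh sitting as PID 1.
# NOTE(review): --accept-data-loss lets `prisma db push` apply schema changes
# that drop data, unattended, on every container start against the persistent
# volume. Back up /app/data before shipping schema changes, or move to reviewed
# migrations (`prisma migrate deploy`).
CMD ["sh", "-c", "npx prisma db push --accept-data-loss --skip-generate && exec npx next start -H 0.0.0.0 -p 3000"]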
