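# CHORUS Services Website - Production Dockerfile
# Multi-stage build for optimal size and security
# Target image size: <100MB
#
# NOTE(review): Node.js 18 reached end-of-life in April 2025 and no longer
# receives security fixes; plan a move to a supported LTS line. For
# reproducible builds, also pin the base image by digest rather than by tag.

# Stage 1: Base Node.js environment
FROM node:18-alpine AS base
# glibc compatibility shim, commonly needed by prebuilt native Node modules
# on Alpine (musl).
RUN apk add --no-cache libc6-compat
WORKDIR /app

# Stage 2: Production-only dependencies
# No later stage in this file copies from `deps`; it is kept so that
# `--target deps` keeps working for anything that relies on it.
FROM base AS deps

# Copy only the manifests so this layer is cached until they change.
COPY package.json package-lock.json* ./

# `--omit=dev` is the current spelling of the deprecated `--only=production`.
RUN npm ci --omit=dev && npm cache clean --force

# Stage 3: Development dependencies and build
FROM base AS builder
WORKDIR /app

# Copy package files and install all dependencies (dev included; the build
# needs them, and this stage never reaches the final image).
COPY package.json package-lock.json* ./
RUN npm ci

# Copy source code.
# The whole build context is copied here: keep a .dockerignore that excludes
# .git, node_modules, .env* and other local secrets, so they are neither sent
# to the builder nor picked up by the Next.js build.
COPY . .

# Disable Next.js telemetry
ENV NEXT_TELEMETRY_DISABLED=1

# Build the application
RUN npm run build

# Stage 4: Production runtime
FROM node:18-alpine AS runner

# NOTE(review): the HEALTHCHECK in this file runs a Node script and does not
# use curl. Drop this package if no external health probe (compose file,
# orchestrator) depends on it; every extra binary widens the attack surface.
RUN apk add --no-cache curl

# Security: Create non-root user
RUN addgroup --system --gid 1001 nodejs && \
    adduser --system --uid 1001 nextjs

WORKDIR /app

# Copy built application from builder stage.
# Ownership is set at copy time: a later `chown -R` would rewrite every file
# into a second layer and roughly double the size of the application layers.
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
COPY --from=builder --chown=nextjs:nodejs /app/public ./public

# Copy health check script
COPY --chown=nextjs:nodejs healthcheck-simple.js ./healthcheck.js

# WORKDIR created /app as root; hand the directory itself (non-recursive) to
# the runtime user and keep the health check script executable.
RUN chown nextjs:nodejs /app && \
    chmod +x /app/healthcheck.js

# No `rm -rf /var/cache/apk/* /tmp/*` step: `apk add --no-cache` leaves no
# package cache behind, and deleting files in a later layer cannot shrink the
# layers that already contain them.

# Switch to non-root user
USER nextjs

# Environment variables
# PORT=80 with a non-root user: binding below 1024 works on Docker Engine
# >= 20.10 by default, but fails on runtimes that do not set
# net.ipv4.ip_unprivileged_port_start=0. Verify on the target platform.
ENV NODE_ENV=production \
    NEXT_TELEMETRY_DISABLED=1 \
    PORT=80 \
    HOSTNAME=0.0.0.0

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD node /app/healthcheck.js || exit 1

# Expose port 80 for Traefik (documentation only; does not publish the port)
EXPOSE 80

# Start Next.js server (exec form, so node is PID 1 and receives SIGTERM)
CMD ["node", "server.js"]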