# Build stage
# TODO: Pin to sha256 digest after verifying with: docker pull node:20-alpine && docker inspect node:20-alpine --format='{{index .RepoDigests 0}}'
FROM node:20-alpine AS builder

WORKDIR /app

COPY package*.json ./

RUN npm ci

COPY . .

RUN npm run build

# Production stage
# TODO: Pin to sha256 digest after verifying with: docker pull node:20-alpine && docker inspect node:20-alpine --format='{{index .RepoDigests 0}}'
FROM node:20-alpine

WORKDIR /app

# Install PostgreSQL client and curl for healthcheck
RUN apk add --no-cache postgresql-client curl

RUN addgroup -g 1001 -S nodejs && adduser -S nextjs -u 1001

COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./

COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static

# Copy drizzle migrations
COPY --from=builder --chown=nextjs:nodejs /app/drizzle ./drizzle

# Copy data loading scripts and their dependencies
COPY --from=builder --chown=nextjs:nodejs /app/scripts ./scripts
COPY --from=builder --chown=nextjs:nodejs /app/package*.json ./
RUN npm ci --omit=dev

# Copy initial data CSV
COPY --from=builder --chown=nextjs:nodejs /app/EURUSD.csv ./EURUSD.csv

RUN mkdir -p /app/public && chown -R nextjs:nodejs /app/public /app/node_modules

# Make startup script executable
RUN chmod +x /app/scripts/startup.sh

ENV NODE_ENV=production PORT=3000 HOSTNAME=0.0.0.0

USER nextjs

EXPOSE 3000

HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 CMD curl -f http://localhost:3000/api/health

CMD ["/app/scripts/startup.sh"]