# syntax=docker/dockerfile:1.7
# ─────────────────────────────────────────────────────────────
# LexiChain — Production Dockerfile
# Multi-stage build:
#   deps    → install npm dependencies
#   builder → generate Prisma client + build Next.js
#   runner  → minimal production image (non-root user)
# ─────────────────────────────────────────────────────────────

# ── Stage 1: base ────────────────────────────────────────────
FROM node:20-alpine AS base
WORKDIR /app
ENV NEXT_TELEMETRY_DISABLED=1

# ── Stage 2: install dependencies ────────────────────────────
FROM base AS deps
# libc6-compat is needed for some native modules on Alpine
RUN apk add --no-cache libc6-compat
COPY package.json package-lock.json* ./
RUN npm ci --ignore-scripts

# ── Stage 3: build ───────────────────────────────────────────
FROM base AS builder
RUN apk add --no-cache libc6-compat
COPY --from=deps /app/node_modules ./node_modules
COPY . .
# Generate Prisma client before building Next.js
RUN npx prisma generate
RUN npm run build

# ── Stage 4: production runner ───────────────────────────────
FROM base AS runner
RUN apk add --no-cache libc6-compat

ENV NODE_ENV=production
ENV PORT=3000
ENV HOSTNAME="0.0.0.0"

# Create a non-root user for security
RUN addgroup --system --gid 1001 nodejs \
 && adduser  --system --uid 1001 nextjs

# Copy the standalone output from builder
COPY --from=builder /app/public            ./public
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static     ./.next/static

USER nextjs

EXPOSE 3000

# Health check — verifies the app is responding before traffic is routed
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
  CMD wget -qO- http://localhost:3000/api/health || exit 1

CMD ["node", "server.js"]