# syntax=docker/dockerfile:1

# Base image (Debian-based for glibc + OpenSSL compatibility)
FROM node:20-bookworm-slim AS base
WORKDIR /app
ENV NODE_ENV=production
# Install OpenSSL and required certs
RUN apt-get update \
    && apt-get install -y --no-install-recommends openssl ca-certificates \
    && rm -rf /var/lib/apt/lists/*

# Dependencies stage (install deps and generate Prisma client)
FROM base AS deps
COPY package*.json ./
RUN npm ci --omit=dev --prefer-offline --no-audit && npm cache clean --force
# Copy prisma schema and generate client (glibc target will be detected)
COPY prisma ./prisma
ENV PRISMA_SKIP_POSTINSTALL_GENERATE=true
RUN npx prisma generate

# Build stage (compile TypeScript)
FROM node:20-bookworm-slim AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci --prefer-offline --no-audit && npm cache clean --force
COPY tsconfig.json ./
COPY src ./src
COPY prisma ./prisma
RUN npx prisma generate
RUN npm run build

# Runtime image - base 이미지 재사용으로 중복 설치 제거
FROM base AS runner
ENV NODE_ENV=production

# Create non-root user
RUN groupadd -r appgroup && useradd -r -g appgroup appuser

# Copy node_modules with generated Prisma client
COPY --from=deps /app/node_modules ./node_modules
# Copy built files
COPY --from=build /app/dist ./dist
# Copy package files
COPY package*.json ./

# Create logs directory and set permissions
RUN mkdir -p logs && chown -R appuser:appgroup logs && chmod -R 755 logs

EXPOSE 8080
USER appuser
CMD ["node", "dist/app.js"]