# Backend Dockerfile
FROM node:18-alpine AS base

# Install dependencies only when needed
FROM base AS deps
# Install OpenSSL 3.x which is compatible with Prisma
RUN apk add --no-cache libc6-compat openssl openssl-dev
WORKDIR /app

# Set Prisma environment variables
ENV PRISMA_ENGINES_MIRROR=https://prisma-builds.s3-eu-west-1.amazonaws.com
ENV PRISMA_CLI_BINARY_TARGETS=linux-musl-openssl-3.0.x

# Copy package files
COPY package*.json ./
COPY prisma ./prisma/

# Install dependencies
RUN npm ci

# Build stage
FROM base AS builder
RUN apk add --no-cache libc6-compat openssl openssl-dev
WORKDIR /app

ENV PRISMA_CLI_BINARY_TARGETS=linux-musl-openssl-3.0.x

COPY --from=deps /app/node_modules ./node_modules
COPY . .

# Generate Prisma Client with correct binary target
RUN npx prisma generate

# Build TypeScript
RUN npm run build

# Production stage
FROM base AS runner
RUN apk add --no-cache libc6-compat openssl openssl-dev
WORKDIR /app

ENV NODE_ENV=production
ENV PRISMA_CLI_BINARY_TARGETS=linux-musl-openssl-3.0.x

# Create non-root user first
RUN addgroup --system --gid 1001 nodejs && \
    adduser --system --uid 1001 expressjs

# Install production dependencies as root
COPY package*.json ./
COPY prisma ./prisma/
RUN npm ci --only=production && \
    npx prisma generate && \
    npm cache clean --force

# Copy built application
COPY --from=builder /app/dist ./dist

# Ensure uploads directory exists and is owned by app user
RUN mkdir -p /app/uploads /app/uploads/tenders && chown -R expressjs:nodejs /app

# Switch to non-root user
USER expressjs

EXPOSE 5001

CMD ["node", "dist/server.js"]
