# syntax=docker/dockerfile:1

# ── Stage 1: build ──────────────────────────────────────────────────────────
FROM node:22-alpine AS builder

WORKDIR /app

# Install dependencies first (better layer caching)
COPY package.json package-lock.json ./
RUN npm ci

# Copy source and build
COPY . .
RUN npm run build

# Prune dev dependencies
RUN npm prune --production

# ── Stage 2: runtime ─────────────────────────────────────────────────────────
FROM node:22-alpine AS runtime

WORKDIR /app

# Non-root user for security
RUN addgroup -g 1001 tonemark && \
    adduser -D -u 1001 -G tonemark tonemark

# Copy built output and production node_modules
COPY --from=builder --chown=tonemark:tonemark /app/build ./build
COPY --from=builder --chown=tonemark:tonemark /app/node_modules ./node_modules
COPY --from=builder --chown=tonemark:tonemark /app/package.json ./

USER tonemark

EXPOSE 3000

ENV NODE_ENV=production \
    PORT=3000 \
    HOST=0.0.0.0

CMD ["node", "build/index.js"]
