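# =============================================================================
# Trading Service - Dockerfile
# =============================================================================
# Two-stage build: `builder` compiles the TypeScript sources, `runner` holds
# only production dependencies, the generated Prisma client and the compiled
# output.
#
# NOTE(review): both stages use the floating tag node:20-alpine. Pinning the
# base by digest (node:20-alpine@sha256:<digest>) would make rebuilds
# reproducible and stop an upstream tag move from silently changing the image.

# Stage 1: build
FROM node:20-alpine AS builder

WORKDIR /app

# Manifests, compiler config and the Prisma schema are copied before the
# sources so the dependency layer stays cached while only src/ changes.
COPY package*.json ./
COPY tsconfig*.json ./
COPY prisma ./prisma/

RUN npm ci

# The connection string is a dummy value set only for this command.
# NOTE(review): presumably it exists so the schema's DATABASE_URL reference
# resolves during generation - confirm. RUN command text is recorded in the
# image history, so it must never be replaced with a real credential.
RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate

COPY src ./src

RUN npm run build

# Stage 2: production runtime
FROM node:20-alpine AS runner

# Dedicated unprivileged account with fixed IDs (1001:1001).
RUN addgroup --system --gid 1001 nodejs && \
    adduser --system --uid 1001 -G nodejs nestjs

# curl is used by the HEALTHCHECK and su-exec by the entrypoint script below.
RUN apk add --no-cache \
      curl \
      openssl \
      su-exec \
      tzdata

# /app is handed to nestjs so the unprivileged npm steps below can write to it.
RUN mkdir -p /app && chown nestjs:nodejs /app

WORKDIR /app

USER nestjs

COPY --chown=nestjs:nodejs package*.json ./

# --omit=dev is the current spelling of the deprecated --only=production.
RUN npm ci --omit=dev && npm cache clean --force

COPY --chown=nestjs:nodejs prisma ./prisma/

# Same dummy connection string as in the builder stage; see the note there.
# NOTE(review): this step and the `npx prisma migrate deploy` in start.sh assume
# the prisma CLI is a production dependency. If it is only a devDependency, npx
# has to fetch it from the registry at build and start time, outside the
# lockfile - verify against package.json.
RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate

COPY --chown=nestjs:nodejs --from=builder /app/dist ./dist

# The entrypoint starts as root, fixes the volume permissions, then drops to
# nestjs. Because USER root is the last USER instruction, root is also the
# image's default user: anything that bypasses start.sh (an overridden command,
# an exec session) runs as root, and the image cannot be started under a
# run-as-non-root policy.
USER root

# Generated /app/start.sh, in order:
#   1. create /app/uploads/c2c-proofs and chown /app/uploads to nestjs:nodejs
#      (a Docker volume is first created owned by root),
#   2. run `prisma migrate deploy` as nestjs,
#   3. exec the application as nestjs via su-exec.
# Step 1 is the only part that runs as root.
RUN printf '#!/bin/sh\nset -e\n# 修复 Docker volume 挂载权限(volume 首次由 root 创建)\nmkdir -p /app/uploads/c2c-proofs\nchown -R nestjs:nodejs /app/uploads\n# 以 nestjs 用户运行\necho "Running database migrations..."\nsu-exec nestjs npx prisma migrate deploy\necho "Starting application..."\nexec su-exec nestjs node dist/main.js\n' > /app/start.sh && chmod +x /app/start.sh

ENV NODE_ENV=production
ENV TZ=Asia/Shanghai

EXPOSE 3022

# The start period is 60s; the entrypoint runs migrations before the app starts.
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD curl -f http://localhost:3022/api/v2/health || exit 1

CMD ["/app/start.sh"]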