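# =============================================================================
# Identity Service Dockerfile
# =============================================================================
#
# Two stages:
#   builder - compiles the TypeScript sources; only /app/dist leaves this stage.
#   runtime - Debian slim image that runs migrations, the seed and the service
#             as the unprivileged user "nestjs" (uid 1001).
#
# NOTE(review): both base images are referenced by tag only. Pinning them by
# digest would make rebuilds reproducible and protect against a retagged
# upstream image.

# -----------------------------------------------------------------------------
# Build stage - Alpine keeps the build image small
# -----------------------------------------------------------------------------
FROM node:20-alpine AS builder

WORKDIR /app

# Copy package files
COPY package*.json ./
COPY tsconfig*.json ./
COPY nest-cli.json ./

# Copy Prisma schema
COPY prisma ./prisma/

# Install dependencies (dev dependencies included) strictly from the lockfile
RUN npm ci

# Generate Prisma client. The DATABASE_URL is a placeholder that exists only for
# this one command. Never put a real connection string here: RUN command lines
# are recorded in the image history.
RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate

# Copy source code
COPY src ./src

# Build TypeScript
RUN npm run build

# Fail the build early if the compiled entry point is missing
RUN ls -la dist/src/ && test -f dist/src/main.js

# -----------------------------------------------------------------------------
# Production stage - Debian slim for OpenSSL compatibility
# -----------------------------------------------------------------------------
FROM node:20-slim AS runtime

# Create non-root user with home directory (npm cache needs it).
# Fixed uid/gid so the identity is stable across rebuilds.
RUN groupadd -g 1001 nodejs && \
    useradd -u 1001 -g nodejs -m nestjs

# Install OpenSSL, CA certificates, and curl for health checks
RUN apt-get update && apt-get install -y --no-install-recommends \
      ca-certificates \
      curl \
      openssl \
    && rm -rf /var/lib/apt/lists/*

# Create app directory with correct ownership.
# NOTE(review): everything under /app (node_modules, dist, start.sh) ends up
# owned by and writable for the runtime user, so the service process can modify
# its own code. Consider root-owned, read-only application files if the runtime
# does not need to write there - confirm what prisma/npx write at startup first.
RUN mkdir -p /app && chown nestjs:nodejs /app

WORKDIR /app

# Switch to non-root user before installing dependencies
USER nestjs

# Install production dependencies + ts-node for seed.
# --omit=dev replaces the deprecated --only=production spelling.
# NOTE(review): ts-node, typescript and @types/node carry no version on the
# command line, so the versions are decided at build time, and they add a
# compiler toolchain to the production image. Prefer pinning them (or compiling
# the seed script in the builder stage) so the runtime image is reproducible.
COPY --chown=nestjs:nodejs package*.json ./
COPY --chown=nestjs:nodejs tsconfig*.json ./
RUN npm ci --omit=dev && npm install ts-node typescript @types/node --save-dev

# Copy Prisma schema and generate client (placeholder DATABASE_URL, see builder).
# NOTE(review): npx fetches a package from the registry when it is not installed
# locally - confirm the prisma CLI is part of the production dependencies so
# neither this step nor start.sh pulls code at build or container start.
COPY --chown=nestjs:nodejs prisma ./prisma/
RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate

# Copy built files
COPY --chown=nestjs:nodejs --from=builder /app/dist ./dist

# Create startup script that runs migrations and seed before starting the app.
# printf writes one script line per argument, so the result does not depend on
# how the image's /bin/sh echo treats "\n" escapes.
# A failing migration aborts startup (set -e). A failing seed stays non-fatal,
# but is reported as a warning on stderr instead of being logged as success.
RUN printf '%s\n' \
      '#!/bin/sh' \
      'set -e' \
      'echo "Running database migrations..."' \
      'npx prisma migrate deploy' \
      'echo "Running database seed..."' \
      'npx prisma db seed || echo "WARNING: database seed exited non-zero; continuing startup" >&2' \
      'echo "Starting application..."' \
      'exec node dist/src/main.js' \
      > /app/start.sh \
    && chmod +x /app/start.sh

# Set only after the dependency installation above, which still installs
# packages saved as dev dependencies.
ENV NODE_ENV=production

# Expose port (documentation only; unprivileged port, usable by the non-root user)
EXPOSE 3000

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
    CMD curl -f http://localhost:3000/api/v1/health || exit 1

# Start service with migration; start.sh ends with exec so node becomes PID 1
CMD ["/app/start.sh"]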