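# =============================================================================
# Identity Service Dockerfile
# =============================================================================
# Two stages: an Alpine builder compiles the TypeScript sources, and a Debian
# slim runtime image carries only production dependencies plus the compiled
# output. The runtime process runs as an unprivileged user.

# Build stage - use Alpine for smaller build context
# NOTE(review): the base images are referenced by tag only. For reproducible
# builds, pin each FROM to a digest, e.g. node:20-alpine@sha256:<digest>.
FROM node:20-alpine AS builder

# Use Aliyun mirror for Alpine packages (China acceleration)
# Only the host name is rewritten; apk still verifies package signatures
# against the keys shipped in the base image.
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories

# Use China mirrors for npm (try Huawei mirror as fallback)
# Options: npmmirror.com, mirrors.huaweicloud.com, registry.npm.taobao.org
# `npm ci` checks every tarball against the integrity hashes recorded in
# package-lock.json, so keep the lockfile committed with those hashes present.
# NOTE(review): recent npm releases reject unknown keys in `npm config set`;
# confirm `disturl` is still accepted by the npm bundled with node:20.
RUN npm config set registry https://mirrors.huaweicloud.com/repository/npm/ && \
    npm config set disturl https://mirrors.huaweicloud.com/nodejs/

WORKDIR /app

# Copy package files first so the dependency layer stays cached until they change
COPY package*.json ./
COPY tsconfig*.json ./
COPY nest-cli.json ./

# Copy Prisma schema
COPY prisma ./prisma/

# Install dependencies (including dev dependencies needed for the build)
RUN npm ci

# Generate Prisma client (dummy DATABASE_URL for build time only)
# The variable is set inline for this one command and is not persisted as ENV.
# The real connection string must be supplied at runtime, never baked in here.
RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate

# Copy source code
COPY src ./src

# Build TypeScript
RUN npm run build

# Verify build output exists; fail the build early if the entry point is missing
RUN ls -la dist/src/ && test -f dist/src/main.js

# Production stage - use Debian slim for OpenSSL compatibility
FROM node:20-slim

WORKDIR /app

# Use Aliyun mirror for Debian packages (China acceleration)
# Best effort: whichever sources file exists is rewritten, and a failure leaves
# the default mirror in place. apt still verifies the signed Release metadata.
RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list.d/debian.sources 2>/dev/null || \
    sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list 2>/dev/null || true

# Install OpenSSL and curl for health checks
# update + install + list cleanup stay in one layer to avoid a stale apt cache
RUN apt-get update && apt-get install -y --no-install-recommends \
      curl \
      openssl \
    && rm -rf /var/lib/apt/lists/*

# Use Huawei npm mirror (more stable than npmmirror)
RUN npm config set registry https://mirrors.huaweicloud.com/repository/npm/

# Install production dependencies only
# `--omit=dev` replaces the deprecated `--only=production`; the npm download
# cache is cleared in the same layer so it does not ship in the image.
COPY package*.json ./
RUN npm ci --omit=dev && \
    npm cache clean --force

# Copy Prisma schema and generate client
# Regenerated here rather than copied from the builder stage, which runs on a
# different base image (Alpine vs. Debian).
# NOTE(review): if the `prisma` CLI is only a devDependency, npx will fetch it
# from the registry at build time, outside package-lock.json's pinning and
# integrity checks. Confirm it is installed by the step above.
COPY prisma ./prisma/
RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate

# Copy built files
# Files stay owned by root, so the unprivileged runtime user can read but not
# modify the application code.
COPY --from=builder /app/dist ./dist

# Create non-root user (fixed numeric UID/GID 1001)
RUN groupadd -g 1001 nodejs && \
    useradd -u 1001 -g nodejs nestjs

# Switch to non-root user
USER nestjs

ENV NODE_ENV=production

# Expose port (documentation only; does not publish the port)
EXPOSE 3000

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
    CMD curl -f http://localhost:3000/api/v1/health || exit 1

# Start service (exec form, so node runs as PID 1 and receives stop signals)
CMD ["node", "dist/src/main.js"]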