# =============================================================================
# MPC Party Service Dockerfile
# =============================================================================

# Build stage - use Alpine for smaller build context
FROM node:20-alpine AS builder

WORKDIR /app

# Copy package files
COPY package*.json ./
COPY tsconfig.json ./
COPY nest-cli.json ./
COPY prisma ./prisma/

# Install dependencies
RUN npm ci

# Generate Prisma client
RUN npx prisma generate

# Copy source code
COPY src ./src

# Build TypeScript
RUN npm run build

# Verify build output exists
RUN ls -la dist/ && test -f dist/main.js

# Production stage - use Debian slim for OpenSSL compatibility
FROM node:20-slim

WORKDIR /app

# Install OpenSSL and curl for health checks
RUN apt-get update && apt-get install -y --no-install-recommends \
    openssl \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Install production dependencies only
COPY package*.json ./
RUN npm ci --only=production

# Copy Prisma schema, migrations and generate client
COPY prisma ./prisma/
RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate

# Copy built files
COPY --from=builder /app/dist ./dist

# Copy entrypoint script
COPY docker-entrypoint.sh ./
RUN chmod +x docker-entrypoint.sh

# Create non-root user
RUN groupadd -g 1001 nodejs && \
    useradd -u 1001 -g nodejs nestjs

# Create temp directory for TSS
RUN mkdir -p /tmp/tss && chown -R nestjs:nodejs /tmp/tss

# Change ownership of app directory
RUN chown -R nestjs:nodejs /app

# Switch to non-root user
USER nestjs

# Expose port
EXPOSE 3006

# Health check (extended start-period for migrations)
HEALTHCHECK --interval=30s --timeout=3s --start-period=60s --retries=5 \
  CMD curl -f http://localhost:3006/api/v1/health || exit 1

# Start service with entrypoint script (runs migrations first)
CMD ["./docker-entrypoint.sh"]