# syntax=docker/dockerfile:1.7

# Stage 1: Dependencies
FROM node:22-alpine AS deps
WORKDIR /app

# Copy package files
COPY package.json package-lock.json ./

# Install ALL dependencies (including devDependencies for build)
RUN --mount=type=cache,target=/root/.npm \
    npm ci --no-audit --no-fund

# Stage 2: Build
FROM node:22-alpine AS builder
WORKDIR /app

# Copy dependencies from deps stage
COPY --from=deps /app/node_modules ./node_modules

# Copy source code and config files
COPY package.json package-lock.json ./
COPY tsconfig*.json ./
COPY src ./src

# Build TypeScript to JavaScript with cache mount
RUN --mount=type=cache,target=/tmp/.tsc-cache \
    npm run build:prod

# Stage 3: Runtime
FROM node:22-alpine AS runner
WORKDIR /app

ENV NODE_ENV=production

# Copy package files
COPY package.json package-lock.json ./

# Copy only production dependencies (from deps stage)
COPY --from=deps /app/node_modules ./node_modules

# Copy built JavaScript files
COPY --from=builder /app/build ./build

# Run as non-root user
RUN chown -R node:node /app
USER node

# Expose the listening port
EXPOSE 3000

CMD ["node", "./build/src/index.js"]