# syntax=docker/dockerfile:1

# ----- Build stage: install (and compile native sqlite3) deps -----
FROM node:20-bookworm-slim AS builder

WORKDIR /app

# Build toolchain required to compile the native sqlite3 binding
RUN apt-get update \
    && apt-get install -y --no-install-recommends python3 make g++ \
    && rm -rf /var/lib/apt/lists/*

# Install production dependencies deterministically (cached unless lockfile changes)
COPY package.json package-lock.json ./
RUN npm ci --omit=dev

# ----- Runtime stage: slim image without build tooling -----
FROM node:20-bookworm-slim AS runtime

ENV NODE_ENV=production \
    PORT=3000

WORKDIR /app

# Bring in the already-installed (and compiled) dependencies
COPY --from=builder /app/node_modules ./node_modules

# Application source
COPY package.json ./
COPY server.js ./
COPY views ./views
COPY public ./public

# Persisted SQLite data lives here; make it writable for the non-root user
RUN mkdir -p /app/data && chown -R node:node /app
VOLUME ["/app/data"]

USER node

EXPOSE 3000

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD node -e "fetch('http://localhost:'+(process.env.PORT||3000)+'/').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"

CMD ["node", "server.js"]
