Dockerfile.prod

# Start with a base image and install system dependencies
FROM node:20.9-alpine AS base
RUN apk add \
    graphicsmagick \
    imagemagick \
    ghostscript \
    postgresql-client \
    redis \
    curl \
    bash
WORKDIR /app

# Stage for installing dependencies (cache-friendly)
FROM base AS deps
# Copy package files for both root and server parts of the project
COPY package.json package-lock.json ./
COPY server/package.json server/package-lock.json ./server/
COPY tsconfig.base.json ./

# Use npm ci for a clean install
RUN npm ci

# Builder stage for compiling the application
FROM deps AS builder
# Copy all project files and build the server
COPY . .
WORKDIR /app/server

# Create secrets directory and populate with secure placeholder values
RUN mkdir -p /app/secrets && \
    echo "secure-admin-password-placeholder" > /app/secrets/postgres_password && \
    echo "secure-app-password-placeholder" > /app/secrets/db_password_server && \
    echo "secure-hocuspocus-password-placeholder" > /app/secrets/db_password_hocuspocus && \
    echo "secure-redis-password-placeholder" > /app/secrets/redis_password && \
    echo "secure-32char-auth-key-placeholder-xxxxx" > /app/secrets/alga_auth_key && \
    echo "secure-32char-crypto-key-placeholder-xxxx" > /app/secrets/crypto_key && \
    echo "secure-32char-token-key-placeholder-xxxx" > /app/secrets/token_secret_key && \
    echo "secure-32char-nextauth-key-placeholder-xx" > /app/secrets/nextauth_secret && \
    echo "secure-email-password-placeholder" > /app/secrets/email_password && \
    echo "secure-oauth-client-id-placeholder" > /app/secrets/google_oauth_client_id && \
    echo "secure-oauth-client-secret-placeholder" > /app/secrets/google_oauth_client_secret && \
    chmod 600 /app/secrets/*
# Copy example environment file
COPY .env.example /app/.env   
COPY .env.example /app/server/.env  

WORKDIR /app
RUN npm run build

# Final production image with minimal runtime artifacts
FROM node:20.9-alpine
RUN apk add --no-cache bash \
    postgresql-client \
    redis \
    graphicsmagick \
    imagemagick \
    ghostscript \
    curl \
    bash

WORKDIR /app
COPY tsconfig.base.json ./
COPY server/setup /app/server/setup

# Copy built application and node_modules from earlier stages
COPY --from=builder /app/server/.next ./server/.next
COPY --from=builder /app/server/public ./server/public
COPY --from=builder /app/server/next.config.mjs ./server/
COPY --from=builder /app/server/package.json ./server/
COPY --from=builder /app/package.json ./
COPY --from=builder /app/server/knexfile.cjs ./server/
COPY --from=builder /app/server/migrations/ ./server/migrations/
COPY --from=builder /app/server/seeds/ ./server/seeds/
COPY --from=builder /app/server/src/scripts/ ./server/src/scripts/

COPY --from=deps /app/node_modules ./node_modules

COPY server/entrypoint.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh

EXPOSE 3000
ENV NODE_ENV=production
ENTRYPOINT ["/app/entrypoint.sh"]