# ── Stage 1: deps ─────────────────────────────────────────────────────────────
FROM node:24-alpine3.21 AS deps
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci

# ── Stage 2: builder ──────────────────────────────────────────────────────────
FROM node:24-alpine3.21 AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
RUN npm run build

# ── Stage 3: runner ───────────────────────────────────────────────────────────
FROM node:24-alpine3.21 AS runner
WORKDIR /app

ENV NODE_ENV=production
# DATA_DIR is the single volume mount point for both SQLite and uploads
ENV DATA_DIR=/data

# Create a non-root user with default UID/GID (overridable at runtime via PUID/PGID)
RUN apk add --no-cache su-exec shadow && \
    addgroup --gid 1001 nodejs && \
    adduser --uid 1001 --ingroup nodejs --disabled-password --gecos "" nextjs && \
    mkdir -p /data/uploads && chown -R nextjs:nodejs /data

# Copy standalone build output
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
COPY --chmod=755 entrypoint.sh /entrypoint.sh

EXPOSE 3000
ENV PORT=3000
ENV HOSTNAME=0.0.0.0
ENV PUID=1001
ENV PGID=1001

ENTRYPOINT ["/entrypoint.sh"]
CMD ["node", "server.js"]