# Use the official Node.js 20 image
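# Shared base for every Node stage below (deps, builder, runner).
# NOTE(review): the tag is mutable; pinning it by digest makes rebuilds reproducible
# and guards against a silently replaced upstream image.
FROM node:20-alpine3.20 AS base

# Optional UID/GID overrides consumed by the runner stage when it creates the runtime user.
ARG ARG_UID
ARG ARG_GID
# pnpm release to install. The default keeps the previous unpinned behaviour; pass
# --build-arg PNPM_VERSION=<version used to generate pnpm-lock.yaml> so the package
# manager that executes dependency install scripts cannot change between builds.
ARG PNPM_VERSION=latest

# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
# Single apk transaction with --no-cache so no package index is left behind in the layer.
# Everything installed here is inherited by the runner stage, so keep the list to what the
# entrypoint and wait-for-it scripts actually need.
RUN apk add --no-cache \
        bash \
        coreutils \
        curl \
        libc6-compat \
        wget
COPY ./infrastructure/docker/common/wait-for-it.sh /usr/local/bin/wait-for-it
COPY ./infrastructure/docker/common/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
RUN chmod +x /usr/local/bin/wait-for-it && \
    chmod +x /usr/local/bin/docker-entrypoint.sh
# Install pnpm
RUN npm install -g "pnpm@${PNPM_VERSION}"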

# Install dependencies only when needed
FROM base AS deps
# Production-only dependency tree; its node_modules is reused by the builder and runner stages.
WORKDIR /app

# Install dependencies based on the preferred package manager
# Only the manifest and lockfile are copied so this layer stays cached until they change.
COPY package.json pnpm-lock.yaml ./
# NOTE(review): --dangerously-allow-all-builds lets every dependency, including transitive
# ones, run its install/build scripts during the image build. --frozen-lockfile fixes which
# versions are installed but does not vet what their scripts do. Prefer an explicit allowlist
# (pnpm's onlyBuiltDependencies setting) so only reviewed packages may execute code here.
RUN pnpm install --frozen-lockfile --prod --dangerously-allow-all-builds

# Rebuild the source code only when needed
FROM base AS builder
# Build stage: installs dev dependencies and runs `next build`. It is not the final image,
# but its output (.next, public, src, ...) is copied into the runner stage.
WORKDIR /app

# Start from the production node_modules so the full install below only adds devDependencies.
COPY --from=deps /app/node_modules ./node_modules
COPY package.json pnpm-lock.yaml ./
# Install all dependencies (including devDependencies) for building
# NOTE(review): same caveat as in the deps stage, all dependency install scripts are allowed to run.
RUN pnpm install --frozen-lockfile --dangerously-allow-all-builds

# NOTE(review): copies the whole build context. Confirm a .dockerignore excludes .env files,
# .git and any host node_modules, otherwise local secrets can land in this stage and a host
# node_modules can overwrite the tree installed above.
COPY . .

# Accept build arguments
# NOTE(review): values passed with --build-arg are recorded in the build history and cache of
# this stage. For a real BETTER_AUTH_SECRET prefer a BuildKit secret mount
# (RUN --mount=type=secret,...) or supply the secret only at container runtime.
ARG BETTER_AUTH_SECRET
ARG BETTER_AUTH_URL
ARG BETTER_AUTH_EMAIL
ARG NEXT_PUBLIC_APP_URL

# Environment variables for build process
ENV NEXT_TELEMETRY_DISABLED=1

# Set environment variables for build (will be overridden at runtime)
# These ENV values live in the builder stage only; the runner stage is built FROM base and does
# not inherit them, so the real values must be provided when the container starts.
# Keep every value below a non-functional placeholder: ENV contents are stored in this stage's
# image configuration.
# NOTE(review): NEXT_PUBLIC_* variables are inlined into the client bundle by `next build`,
# so for client-side code the values set here are the ones that ship; a runtime override
# does not change an already built bundle.
ENV DATABASE_URL=postgresql://dummy:dummy@dummy:5432/dummy \
    BETTER_AUTH_SECRET=${BETTER_AUTH_SECRET:-buildpwwyux6f6i3xljxn6fzkl4wcd31} \
    BETTER_AUTH_URL=${BETTER_AUTH_URL:-http://localhost:3000} \
    BETTER_AUTH_EMAIL=${BETTER_AUTH_EMAIL:-build@example.com} \
    NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL:-http://localhost:3000} \
    STRIPE_SECRET_KEY="sk_test_1234567890" \
    STRIPE_WEBHOOK_SECRET='whsec_1234567890' \
    NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY='pk_test_23456789' \
    MOBILE_PAY_BASE_URL="http://localhost" \
    MOBILE_PAY_CLIENT_ID="1111111-1111-1111-1111-111111111111" \
    MOBILE_PAY_CLIENT_SECRET="1111111111111111111111" \
    MOBILE_PAY_SUBSCRIPTION_KEY="11111111111" \
    MOBILE_PAY_MERCHANT_SERIAL_NUMBER="111111111" \
    MOBILE_PAY_WEBHOOK_ID="1111111-1111-1111-1111-111111111111" \
    MOBILE_PAY_WEBHOOK_SECRET="secret"

# Ensure BETTER_AUTH_SECRET is set for build
# NOTE(review): the ENV above always assigns a non-empty value (the hard-coded fallback is used
# when the build arg is unset or empty), so this check cannot fail. The fallback string is
# public in this file; the deployment must make sure it is never the secret in effect at runtime.
RUN if [ -z "$BETTER_AUTH_SECRET" ]; then echo "ERROR: BETTER_AUTH_SECRET is not set" && exit 1; fi

# Build the application
# Use pnpm to run next build directly since we set environment variables above
RUN pnpm exec next build

# Production image, copy all the files and run next
FROM base AS runner
# Final application image. Being built FROM base, it also carries bash, curl, wget, coreutils,
# npm and pnpm; that is more tooling than `node server.js` needs, so review whether the
# entrypoint and migrations really require all of it.
WORKDIR /app

# NOTE(review): ARG_UID/ARG_GID are declared only in the base stage. This relies on the builder
# passing stage-level ARGs down to stages built FROM base (BuildKit does; confirm for any other
# builder in use), otherwise the 1001 defaults always apply. Both values also persist as
# runtime environment variables because they are set with ENV.
ENV NODE_ENV=production \
    NEXT_TELEMETRY_DISABLED=1 \
    ARG_UID=${ARG_UID:-1001} \
    ARG_GID=${ARG_GID:-1001}

# Create the unprivileged group/user the container runs as and hand /app over to them.
RUN addgroup --system --gid ${ARG_GID} nodejs && \
    adduser --system --uid ${ARG_UID} nextjs && \
    chown -R ${ARG_UID}:${ARG_GID} /app
# Automatically leverage output traces to reduce image size
# https://nextjs.org/docs/advanced-features/output-file-tracing
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/public ./public
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static

# Copy migration files and package.json for migrations
COPY --from=builder --chown=nextjs:nodejs /app/drizzle ./drizzle
COPY --from=builder --chown=nextjs:nodejs /app/tsconfig.json ./tsconfig.json
COPY --from=builder --chown=nextjs:nodejs /app/package.json ./package.json
COPY --from=builder --chown=nextjs:nodejs /app/pnpm-lock.yaml ./pnpm-lock.yaml
COPY --from=builder --chown=nextjs:nodejs /app/migrate.js ./migrate.js
COPY --from=builder --chown=nextjs:nodejs /app/drizzle.config.ts ./drizzle.config.ts

# Copy source files needed for migrations
# NOTE(review): this ships application source and the production node_modules on top of the
# traced standalone output, which enlarges what an attacker can read inside the container.
COPY --from=builder --chown=nextjs:nodejs /app/src/lib ./src/lib
COPY --from=builder --chown=nextjs:nodejs /app/src/features ./src/features
COPY --from=builder --chown=nextjs:nodejs /app/src/server ./src/server
COPY --from=builder --chown=nextjs:nodejs /app/src/config ./src/config
COPY --from=deps --chown=nextjs:nodejs /app/node_modules ./node_modules

# Install pnpm and dependencies for migrations
# NOTE(review): this runs before USER is switched, so dependency install scripts (all allowed by
# --dangerously-allow-all-builds) execute with the image's default user inside the final image,
# and anything they write is not owned by nextjs. The deps stage already produced the same
# --prod tree that was copied above; confirm this second install is still needed.
RUN pnpm install --frozen-lockfile --prod --dangerously-allow-all-builds

# Set the correct permission for prerender cache
RUN mkdir -p .next && chown nextjs:nodejs .next

# Drop privileges: the entrypoint, migrations and the server all run as nextjs from here on.
USER nextjs

EXPOSE 3000

# HOSTNAME=0.0.0.0 makes the server listen on all container interfaces; which of them are
# reachable from outside is decided by how the port is published or proxied.
ENV PORT=3000 \
    HOSTNAME=0.0.0.0

# Use entrypoint script for migrations and then start the application
# NOTE(review): docker-entrypoint.sh is not shown here; it should finish with `exec "$@"` so
# node becomes PID 1 and receives stop signals.
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["node", "server.js"]


# Separate reverse-proxy image, selected as a build target; it shares nothing with the Node stages.
# NOTE(review): no USER is set, so the container keeps the image's default user. If the
# deployment requires a non-root proxy, that needs a config/base-image change.
FROM nginx:1.27-alpine3.20 AS nginx
# curl is installed only for the HEALTHCHECK below.
RUN apk add --no-cache curl

# Replaces the image's main nginx configuration with the project's own.
COPY ./infrastructure/docker/common/nginx/nginx.conf /etc/nginx/nginx.conf
#COPY ./common/nginx/conf.d/ /etc/nginx/conf.d/

WORKDIR /app

# Probes the proxy on loopback; presumably /nginx-health is defined in the nginx.conf copied
# above (verify), otherwise the container will always report unhealthy.
HEALTHCHECK --interval=5s --timeout=3s --start-period=1s CMD curl --fail http://127.0.0.1/nginx-health || exit 1
