# syntax=docker/dockerfile:1.7

FROM node:20-bullseye-slim AS base
ENV PNPM_HOME=/root/.local/share/pnpm
ENV PATH=$PNPM_HOME:$PATH
# Pin pnpm and activate via Corepack to avoid downloads during later steps
ARG PNPM_VERSION=8.15.9
RUN corepack enable && corepack prepare pnpm@${PNPM_VERSION} --activate

# Make installs more resilient in poor networks
ARG NPM_REGISTRY=https://registry.npmjs.org/
ENV NPM_CONFIG_REGISTRY=${NPM_REGISTRY}
ENV PNPM_FETCH_TIMEOUT=600000 \
    PNPM_FETCH_RETRIES=5 \
    PNPM_NETWORK_CONCURRENCY=8

FROM base AS deps
WORKDIR /app
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
COPY apps/backend/package.json ./apps/backend/
# Use a project-local pnpm store so it can be copied between stages
RUN pnpm config set store-dir /app/.pnpm-store \
 && pnpm config set registry ${NPM_CONFIG_REGISTRY}

# Ensure no lifecycle scripts run (e.g. sharp postinstall)
RUN pnpm config set ignore-scripts true

# Prefetch only backend dependencies, then install offline without running scripts
RUN --mount=type=cache,id=pnpm-store,target=/app/.pnpm-store \
    pnpm fetch --filter ./apps/backend \
 && pnpm -C apps/backend install --offline --frozen-lockfile --ignore-scripts

FROM deps AS build
COPY apps ./apps
RUN pnpm --filter backend build

FROM base AS runtime
WORKDIR /app
RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
COPY apps/backend/package.json ./apps/backend/
# Copy node_modules from deps stage and prune to production to avoid network
COPY --from=deps /app/apps/backend/node_modules /app/apps/backend/node_modules
RUN pnpm config set ignore-scripts true \
 && pnpm -C apps/backend prune --prod
COPY --from=build /app/apps/backend/dist ./apps/backend/dist
WORKDIR /app/apps/backend
EXPOSE 4000
ENV NODE_ENV=production
CMD ["node", "dist/main.js"]