# -------- Base runtime (small + stable) --------
FROM node:20-alpine AS runtime

# Add a tiny init so the app handles signals and zombies correctly
# and curl for container HEALTHCHECK
RUN apk add --no-cache dumb-init curl

# Set workdir
WORKDIR /app

# Copy only the manifests first to leverage Docker layer cache
COPY package*.json ./

# Install prod deps deterministically
# (If you do not have package-lock.json, switch back to `npm install --omit=dev`)
RUN npm ci --omit=dev

# Copy the rest of your source
COPY . .

# If you build TypeScript or bundle assets, uncomment:
# RUN npm run build

# Security: run as the prebuilt "node" user (non-root)
USER node

# Ensure prod mode inside container
ENV NODE_ENV=production
ENV PORT=4000

# (Optional but recommended) simple health endpoint in your app, e.g. GET /healthz returns 200
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
  CMD curl -fsS http://127.0.0.1:${PORT}/healthz || exit 1

# Expose app port (informational for humans/tools)
EXPOSE 4000

# Use dumb-init as PID 1, then run your app
ENTRYPOINT [ "dumb-init", "--" ]
CMD [ "npm", "start" ]