# ── Stage 1: build ───────────────────────────────────────────────────────────
FROM harbor.dvirlabs.com/base-images/node:20-alpine AS builder

WORKDIR /app

# Install deps first (layer-cached unless package files change)
COPY package.json package-lock.json ./
RUN npm ci --frozen-lockfile

# Copy source and build
COPY . .
RUN npm run build

# ── Stage 2: serve ───────────────────────────────────────────────────────────
FROM harbor.dvirlabs.com/base-images/nginx:1.27-alpine AS runner

# Remove default nginx config
RUN rm /etc/nginx/conf.d/default.conf

# Drop our custom config
COPY nginx.conf /etc/nginx/conf.d/errorlab.conf

# Copy built static files from the builder stage
COPY --from=builder /app/dist /usr/share/nginx/html

# Run as non-root (nginx:alpine UID 101)
RUN chown -R nginx:nginx /usr/share/nginx/html && \
    chown -R nginx:nginx /var/cache/nginx      && \
    chown -R nginx:nginx /var/log/nginx        && \
    touch /run/nginx.pid                        && \
    chown nginx:nginx /run/nginx.pid

USER nginx

EXPOSE 80

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD wget -qO- http://localhost/index.html || exit 1

CMD ["nginx", "-g", "daemon off;"]