# Admin panel build stage
FROM node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293 AS admin-builder

WORKDIR /app

# NEXT_PUBLIC_* vars are baked into the client bundle at build time.
# Pass via `--build-arg NEXT_PUBLIC_API_URL=https://api.myhoneydue.com`.
ARG NEXT_PUBLIC_API_URL
ENV NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL}

# Copy admin panel files
COPY admin/package*.json ./

# Install dependencies
RUN npm ci

# Copy source
COPY admin/ .

# Strip any committed .env.local that would override the build-time URL
# with a dev value (e.g. http://localhost:8000).
RUN rm -f .env.local .env.development.local

# Build (standalone mode)
RUN npm run build

# Go build stage
FROM --platform=$BUILDPLATFORM golang:1.25-alpine AS builder
ARG TARGETARCH

# Install build dependencies
RUN apk add --no-cache git ca-certificates tzdata

# Set working directory
WORKDIR /app

# Copy go mod files
COPY go.mod go.sum ./

# Download dependencies
RUN go mod download

# Copy source code
COPY . .

# Build the API binary
RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -ldflags="-w -s" -o /app/api ./cmd/api

# Build the worker binary
RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -ldflags="-w -s" -o /app/worker ./cmd/worker

# Install goose CLI for production migrations. Pinned to a specific version
# so an upstream behavioural change can't break a deploy unannounced.
# Bumping is a deliberate, reviewable diff. We `go build` rather than
# `go install` so the output path is predictable across host platforms —
# `go install` with cross-compile env vars drops the binary in
# /go/bin/<goos>_<goarch>/, which is awkward to COPY from.
RUN cd /tmp && \
    git clone --depth=1 --branch=v3.22.1 https://github.com/pressly/goose.git goose-src && \
    cd goose-src && \
    CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
      go build -ldflags="-w -s" -o /app/goose ./cmd/goose && \
    cd / && rm -rf /tmp/goose-src

# Base runtime stage for Go services
FROM alpine:3.19 AS go-base

# Install runtime dependencies
RUN apk add --no-cache ca-certificates tzdata curl

# Create non-root user
RUN addgroup -g 1000 app && adduser -u 1000 -G app -s /bin/sh -D app

# Set working directory
WORKDIR /app

# Copy all binaries from builder
COPY --from=builder /app/api /app/api
COPY --from=builder /app/worker /app/worker
# goose is the migration runner — same image is reused as the migrate Job
# entrypoint via `command: ["/usr/local/bin/goose", ...]`.
COPY --from=builder /app/goose /usr/local/bin/goose

# Copy templates directory
COPY --from=builder /app/templates /app/templates

# Copy static landing page files
COPY --from=builder /app/static /app/static

# Copy migrations and seeds for production use
COPY --from=builder /app/migrations /app/migrations
COPY --from=builder /app/seeds /app/seeds

# Create uploads directory
RUN mkdir -p /app/uploads && chown -R app:app /app

# Switch to non-root user
USER app

# API stage
FROM go-base AS api
EXPOSE 8000
HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
    CMD curl -f http://localhost:${PORT:-8000}/api/health/ || exit 1
CMD ["/app/api"]

# Worker stage
FROM go-base AS worker
CMD ["/app/worker"]

# Admin panel runtime stage
FROM node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293 AS admin

WORKDIR /app

# Create non-root user
RUN addgroup -g 1001 nodejs && adduser -u 1001 -G nodejs -s /bin/sh -D nextjs

# Copy standalone build
COPY --from=admin-builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=admin-builder --chown=nextjs:nodejs /app/.next/static ./.next/static
COPY --from=admin-builder --chown=nextjs:nodejs /app/public ./public

USER nextjs

EXPOSE 3000

ENV PORT=3000
ENV HOSTNAME="0.0.0.0"

CMD ["node", "server.js"]

# Default production stage (for Dokku - runs API + Admin)
FROM node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293 AS production

# Install runtime dependencies
RUN apk add --no-cache ca-certificates tzdata curl

WORKDIR /app

# Copy Go binaries
COPY --from=builder /app/api /app/api
COPY --from=builder /app/worker /app/worker

# Copy templates directory
COPY --from=builder /app/templates /app/templates

# Copy static landing page files
COPY --from=builder /app/static /app/static

# Copy migrations and seeds
COPY --from=builder /app/migrations /app/migrations
COPY --from=builder /app/seeds /app/seeds

# Copy push notification certificates
COPY --from=builder /app/push_certs /app/push_certs

# Copy admin panel standalone build (Next.js recommended layout)
COPY --from=admin-builder /app/.next/standalone/ /app/
COPY --from=admin-builder /app/public /app/public
COPY --from=admin-builder /app/.next/static /app/.next/static

# Copy start script
COPY start.sh /app/start.sh
RUN chmod +x /app/start.sh

# Create uploads directory
RUN mkdir -p /app/uploads

EXPOSE 5000

HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
    CMD pgrep -f /app/worker > /dev/null && exit 0 || curl -f http://localhost:${PORT:-5000}/api/health/ || exit 1

CMD ["/app/start.sh"]
