# syntax=docker/dockerfile:1.7

# ─── Stage 1 — install deps ─────────────────────────────────────────────────
FROM node:22-alpine AS deps
WORKDIR /app
RUN apk add --no-cache git python3 make g++
RUN corepack enable && corepack prepare pnpm@9.15.0 --activate
COPY package.json pnpm-lock.yaml* ./
RUN pnpm install --frozen-lockfile || pnpm install

# ─── Stage 2 — build client + server ─────────────────────────────────────────
FROM node:22-alpine AS builder
WORKDIR /app
RUN apk add --no-cache git
RUN corepack enable && corepack prepare pnpm@9.15.0 --activate
COPY --from=deps /app/node_modules ./node_modules
COPY . .
RUN pnpm build

# ─── Stage 3 — runtime ──────────────────────────────────────────────────────
FROM node:22-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production \
    PORT=5000

RUN corepack enable && corepack prepare pnpm@9.15.0 --activate

# Copy production deps + built assets
COPY --from=deps /app/node_modules ./node_modules
COPY --from=builder /app/dist ./dist
COPY package.json tsconfig.json drizzle.config.ts ./
COPY server ./server
COPY shared ./shared

# Persistent app data directory (WhatsApp sessions, DB backups, …).
# In production this should be backed by a Docker named volume.
RUN mkdir -p /app/data/whatsapp-sessions /app/data/backups

# Bundle the operational scripts (DB backup, etc.)
COPY scripts ./scripts
RUN chmod +x ./scripts/*.sh || true

# Tools used by the backup script
RUN apk add --no-cache mysql-client

RUN addgroup -S app && adduser -S app -G app && chown -R app:app /app
USER app

EXPOSE 5000

HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
  CMD wget -qO- http://127.0.0.1:5000/api/health || exit 1

CMD ["pnpm", "start"]