FROM node:20-alpine AS builder

WORKDIR /app

COPY package.json package-lock.json* ./
RUN npm ci

COPY tsconfig.json ./
COPY prisma ./prisma
COPY src ./src

RUN npx prisma generate
RUN npm run build

# --- Runtime stage ---
FROM node:20-alpine AS runner

# Install OpenSSL libraries required by Prisma
RUN apk add --no-cache openssl libssl3

RUN addgroup --gid 1001 appgroup && \
    adduser -D -u 1001 -G appgroup appuser

WORKDIR /app

COPY package.json package-lock.json* ./
RUN npm ci --omit=dev

COPY --from=builder /app/dist ./dist
COPY prisma ./prisma
RUN npx prisma generate

RUN chown -R appuser:appgroup /app

USER appuser

EXPOSE 3007

CMD ["node", "dist/index.js"]
