# Generated by https://smithery.ai. See: https://smithery.ai/docs/build/project-config
# Multi-stage build for optimal size and security
FROM node:22-alpine AS builder

# Build arguments for metadata (set by CI/CD)
ARG VERSION=dev
ARG BUILD_DATE
ARG VCS_REF

# Install security updates and required packages
RUN apk update && apk upgrade && \
    apk add --no-cache git && \
    rm -rf /var/cache/apk/*

# Set working directory
WORKDIR /app

# Copy package files first for better layer caching
COPY package*.json ./

# Install dependencies (including dev dependencies for build)
RUN npm ci --no-audit --prefer-offline

# Copy source code and configuration files
COPY src ./src
COPY tsconfig.json tsconfig.build.json ./

# Build the application with optimizations
RUN npm run build && \
    npm run typecheck

# Remove dev dependencies and clean npm cache
RUN npm prune --production && \
    npm cache clean --force

# Production stage
FROM node:22-alpine AS production

# Build arguments (passed from CI/CD)
ARG VERSION=dev
ARG BUILD_DATE
ARG VCS_REF

# Install security updates only (minimal surface)
RUN apk update && apk upgrade && \
    apk add --no-cache tini && \
    rm -rf /var/cache/apk/*

# Create non-root user for security
RUN addgroup -g 1001 -S nodejs && \
    adduser -S mcp -u 1001 -G nodejs

# Set working directory
WORKDIR /app

# Copy package files
COPY package*.json ./

# Copy built application from builder stage
COPY --from=builder --chown=mcp:nodejs /app/dist ./dist
COPY --from=builder --chown=mcp:nodejs /app/node_modules ./node_modules

# Copy necessary files
COPY --chown=mcp:nodejs bin ./bin
COPY --chown=mcp:nodejs README.md LICENSE ./

# Create config directory for volume mounting
RUN mkdir -p /app/config /app/logs && \
    chown -R mcp:nodejs /app

# Switch to non-root user
USER mcp

# Expose MCP server port (if needed for HTTP mode)
EXPOSE 3000

# Environment variables with defaults
ENV NODE_ENV=production
ENV NODE_OPTIONS="--experimental-vm-modules"
ENV MCP_SERVER_VERSION=${VERSION}

# Health check with better validation
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
  CMD node -e "console.log('Health check passed')" || exit 1

# Use tini as init system for proper signal handling
ENTRYPOINT ["/sbin/tini", "--"]

# Default command
CMD ["node", "dist/index.js"]

# OCI metadata labels (enhanced for v6 compliance)
LABEL org.opencontainers.image.title="MCP WordPress Server"
LABEL org.opencontainers.image.description="Complete WordPress MCP Server with 59 management tools, intelligent caching, real-time monitoring, and multi-site support"
LABEL org.opencontainers.image.version="${VERSION}"
LABEL org.opencontainers.image.created="${BUILD_DATE}"
LABEL org.opencontainers.image.revision="${VCS_REF}"
LABEL org.opencontainers.image.url="https://github.com/docdyhr/mcp-wordpress"
LABEL org.opencontainers.image.source="https://github.com/docdyhr/mcp-wordpress"
LABEL org.opencontainers.image.documentation="https://github.com/docdyhr/mcp-wordpress#readme"
LABEL org.opencontainers.image.authors="Thomas Dyhr <thomas@dyhr.com>"
LABEL org.opencontainers.image.vendor="docdyhr"
LABEL org.opencontainers.image.licenses="MIT"
LABEL org.opencontainers.image.base.name="node:22-alpine"

# Additional metadata
LABEL maintainer="Thomas Dyhr <thomas@dyhr.com>"
