# Tale Web Dockerfile — Vite SPA, no backend coupling
ARG VERSION=dev

FROM oven/bun:1.3.12 AS bun-bin

# ============================================================================
# Stage 1: workspace deps
# ============================================================================
FROM debian:bookworm-slim AS workspace-deps
COPY --from=bun-bin /usr/local/bin/bun /usr/local/bin/bun
RUN ln -s /usr/local/bin/bun /usr/local/bin/bunx
WORKDIR /app

COPY package.json bun.lock bunfig.toml ./
COPY packages/tale_knowledge/package.json ./packages/tale_knowledge/
COPY packages/tale_shared/package.json ./packages/tale_shared/
COPY packages/tale_telemetry/package.json ./packages/tale_telemetry/
COPY packages/ui/package.json ./packages/ui/
COPY services/platform/package.json ./services/platform/
COPY services/crawler/package.json ./services/crawler/
COPY services/rag/package.json ./services/rag/
COPY services/db/package.json ./services/db/
COPY services/proxy/package.json ./services/proxy/
COPY services/sandbox/package.json ./services/sandbox/
COPY services/controller/package.json ./services/controller/
COPY services/web/package.json ./services/web/
COPY services/docs/package.json ./services/docs/
COPY tools/cli/package.json ./tools/cli/
COPY tools/plop/package.json ./tools/plop/
COPY patches/ ./patches/

RUN apt-get update && apt-get install -y --no-install-recommends python3 make g++ \
    && rm -rf /var/lib/apt/lists/* \
    && HUSKY=0 bun install

# ============================================================================
# Stage 2: builder
# ============================================================================
FROM workspace-deps AS builder
WORKDIR /app

COPY tsconfig.base.json ./
COPY packages/ui ./packages/ui
COPY services/web ./services/web

ARG WEB_DOCS_URL=https://tale.dev/docs
ENV NODE_ENV=production \
    WEB_DOCS_URL=${WEB_DOCS_URL} \
    VITE_DOCS_URL=${WEB_DOCS_URL}
WORKDIR /app/services/web
# Build the SPA + SSR bundle, then precompile the SEO + LLM artifact set
# into `dist-seo/`. The compile step uses the SSR bundle (loaded as a
# `file://` import) to render marketing route bodies at build time, plus
# reads legal markdown from `app/content/legal/` — neither source is
# available in the runner stage, so this MUST run in the builder.
RUN bun --bun vite build \
    && bun --bun vite build --ssr app/entry-server.tsx --outDir dist-ssr \
    && bun --bun /app/packages/ui/bin/seo-compile.ts ./scripts/seo.config.ts --out dist-seo \
    && bun build server.ts --target=bun --outfile=server.js --external bun --external canvas
WORKDIR /app

# ============================================================================
# Stage 3: runtime
# ============================================================================
FROM oven/bun:1.3.12-slim AS runner

ARG VERSION=dev
LABEL org.opencontainers.image.version="${VERSION}" \
      org.opencontainers.image.title="tale-web" \
      org.opencontainers.image.description="Tale marketing site"

ARG LOCALE_COOKIE_DOMAIN=
ENV NODE_ENV=production \
    TALE_VERSION=${VERSION} \
    PORT=3001 \
    HOSTNAME="0.0.0.0" \
    DO_NOT_TRACK=1 \
    LOCALE_COOKIE_DOMAIN=${LOCALE_COOKIE_DOMAIN}

WORKDIR /app

RUN apt-get update && apt-get install -y --no-install-recommends curl tini ca-certificates \
    && rm -rf /var/lib/apt/lists/* \
    && groupadd --system --gid 1001 app \
    && useradd --system --uid 1001 --gid app app

COPY --from=builder --chown=app:app /app/services/web/dist ./dist
COPY --from=builder --chown=app:app /app/services/web/dist-ssr ./dist-ssr
COPY --from=builder --chown=app:app /app/services/web/dist-seo ./dist-seo
COPY --from=builder --chown=app:app /app/services/web/server.js ./server.js
COPY --from=builder --chown=app:app /app/services/web/package.json ./package.json
COPY --from=builder --chown=app:app /app/services/web/docker-entrypoint.sh ./docker-entrypoint.sh
RUN chmod +x ./docker-entrypoint.sh

USER app
EXPOSE 3001
HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:3001/api/health || exit 1

ENTRYPOINT ["/usr/bin/tini", "--"]
CMD ["/app/docker-entrypoint.sh"]
