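# Two-stage build: compile the TypeScript sources in a full Node toolchain
# image, then ship only the compiled output and production dependencies in a
# minimal runtime image.
#
# Both base images are build arguments so that a build can pin them by digest
# without editing this file, for example:
#   docker build --build-arg RUNTIME_IMAGE=cgr.dev/chainguard/node@sha256:<digest> .
# With no build arguments the defaults below are used.
# NOTE(review): both defaults are floating tags. `latest` in particular can move
# to a different Node major than the builder's 22, and an image rebuilt later
# may not match what was tested. Pin by digest for release builds.
ARG BUILDER_IMAGE=node:22-alpine
ARG RUNTIME_IMAGE=cgr.dev/chainguard/node:latest

# ---- Build stage: discarded after the build, never shipped ----
FROM ${BUILDER_IMAGE} AS builder

WORKDIR /app

# Copy the manifests before the sources so the dependency layer stays cached
# until package.json or the lockfile changes.
COPY package*.json ./

# Install all dependencies, dev included, because the build needs the toolchain.
# --ignore-scripts stops npm from running lifecycle scripts during install:
# the project's own prepare script and any install hooks declared by
# dependencies, so third-party code is not executed at this step.
RUN npm ci --ignore-scripts

# Only the build inputs are copied, not the whole context.
COPY tsconfig.json eslint.config.mjs ./
COPY src ./src

# Runs the project's "build" script from package.json (not shown here).
# The runtime stage expects its output under /app/dist.
RUN npm run build

# ---- Runtime stage: the image that is actually shipped ----
FROM ${RUNTIME_IMAGE} AS runtime

ENV NODE_ENV=production

# No USER instruction is set in this stage, so the container runs as whatever
# user the runtime image configures. The Chainguard node image is expected to
# default to the non-root user `node`, and the --chown flags below require that
# name to exist in the image.
# NOTE(review): if RUNTIME_IMAGE is overridden, confirm the replacement also
# defaults to a non-root user.
WORKDIR /app

# Install production dependencies only, without lifecycle scripts, and drop the
# npm cache in the same layer so it does not persist in the image.
# NOTE(review): this is a shell-form RUN joined with `&&`, so it needs /bin/sh
# in the runtime image at build time. Confirm the image in use provides one.
COPY --chown=node:node package*.json ./
RUN npm ci --omit=dev --ignore-scripts && npm cache clean --force

# Only the compiled output crosses from the build stage. Sources, dev
# dependencies and build tooling stay behind.
COPY --chown=node:node --from=builder /app/dist ./dist

# Exec-form ENTRYPOINT/CMD: node is started directly as the container's main
# process, with no shell wrapper or init in front of it. Arguments passed to
# `docker run` replace CMD, i.e. the script path.
ENTRYPOINT ["/usr/bin/node"]
CMD ["dist/cli.js"]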
