# ---- build stage ----
FROM node:20-alpine AS build
WORKDIR /app

# Needed for node-gyp / native deps on Alpine
RUN apk add --no-cache python3 make g++ git

# Install deps
COPY package*.json ./
# If you have a package-lock.json, this will be deterministic.
RUN npm ci

# Copy source + build
COPY . .
RUN npm run build

# ---- runtime stage ----
FROM node:20-alpine AS runtime
WORKDIR /app

ENV NODE_ENV=production
ENV PORT=3000
ENV HOST=0.0.0.0

RUN addgroup -S nodegroup && adduser -S nodeuser -G nodegroup

COPY --from=build /app/.output ./.output

EXPOSE 3000
USER nodeuser

CMD ["node", ".output/server/index.mjs"]