# Stage 1: Install dependencies
FROM node:22-alpine AS deps
RUN apk add --no-cache libc6-compat
WORKDIR /app
COPY package.json pnpm-lock.yaml ./
RUN corepack enable pnpm
RUN pnpm install --ignore-scripts

# Stage 2: Build the app
FROM node:22-alpine AS builder
RUN apk add --no-cache libc6-compat openssl
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
RUN corepack enable pnpm
RUN pnpm run build
# Bundle the standalone migration runner. This produces dist/migrate.mjs
# with drizzle-orm + postgres inlined, so the runner stage needs no extra
# node_modules. Runs here because the builder has full dependencies.
RUN pnpm run db:build-migrator

# Stage 3: Production runner
FROM node:22-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs
COPY --from=builder /app/public ./public
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder /app/.next/static .next/static
# Migration runner + migration SQL. The migrator runs on container start
# (see CMD) BEFORE the Next.js server boots — see drizzle/README.md.
COPY --from=builder --chown=nextjs:nodejs /app/dist/migrate.mjs ./migrate.mjs
COPY --from=builder --chown=nextjs:nodejs /app/drizzle ./drizzle
USER nextjs
EXPOSE 3000
ENV PORT=3000
ENV HOSTNAME="0.0.0.0"
# Apply pending migrations, THEN start the server. If migration fails the
# process exits non-zero and the container crashes — a loud, safe failure
# that prevents the app from serving against a half-migrated schema.
CMD ["sh", "-c", "node migrate.mjs && node server.js"]