# Dockerfile for ATP Keyserver
# Based on Bun's official Docker guide: https://bun.com/docs/guides/ecosystem/docker

# Stage 1: Base image
FROM oven/bun:1 AS base
WORKDIR /app

# Stage 2: Install dependencies
FROM base AS install

# Install all dependencies (including dev)
RUN mkdir -p /temp/dev
COPY packages/server/package.json bun.lock /temp/dev/
RUN cd /temp/dev && bun install

# Stage 3: Prerelease (optional test/build stage)
# FROM base AS prerelease
# COPY --from=install /temp/dev/node_modules node_modules
# COPY packages/server/ .

# # Set production environment for any build processes
# ENV NODE_ENV=production

# # Note: No build step needed - Bun runs TypeScript directly
# # If you add tests in the future, run them here:
# RUN bun test

# Stage 4: Release (final production image)
FROM base AS release

# Copy production dependencies
COPY --from=install /temp/dev/node_modules node_modules

# Copy application source
COPY packages/server/ .

# Set production environment
ENV NODE_ENV=production

# Volume for persistent database storage
VOLUME ["/app/data"]

# Create data directory for database (before switching to bun user)
RUN mkdir -p /app/data && chown bun:bun /app/data

# Run as non-root user for security
USER bun

# Expose the default port (configurable via PORT env var)
EXPOSE 4000/tcp

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD bun -e "fetch('http://localhost:4000/').then(r => r.ok ? process.exit(0) : process.exit(1)).catch(() => process.exit(1))"

# Start the server
ENTRYPOINT ["bun", "run", "main.ts"]