# syntax=docker/dockerfile:1

# ---- Stage 1: Install dependencies ----
# Installs the workspace's node_modules from the manifests and lockfile only.
# Application source is not copied here, so these layers stay cached until a
# manifest or pnpm-lock.yaml changes.
# NOTE(review): node:20-slim is a mutable tag. Pinning by digest
# (node:20-slim@sha256:<digest>) would make the base image reproducible and
# auditable; the digest placeholder must be filled in from the registry.
FROM node:20-slim AS deps

# Activate an exact pnpm release through corepack rather than whatever version
# happens to be current.
RUN corepack enable && corepack prepare pnpm@8.15.0 --activate

WORKDIR /app

# Root workspace manifests plus the ui package manifest.
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
COPY packages/ui/package.json ./packages/ui/package.json

# --frozen-lockfile makes the install fail instead of updating pnpm-lock.yaml
# when the manifests and lockfile disagree, so the image only ever contains the
# dependency versions that were committed and reviewed.
# --prod=false installs devDependencies as well (presumably needed by the
# build in the next stage).
RUN pnpm install --frozen-lockfile --prod=false

# ---- Stage 2: Build the application ----
# Compiles the @miethe/ui workspace package and the Next.js app. Everything set
# or copied here stays in this stage (and in the dev stage derived from it);
# the production runner copies only selected build output.
# NOTE(review): node:20-slim is a mutable tag; consider pinning by digest
# (node:20-slim@sha256:<digest>).
FROM node:20-slim AS builder

RUN corepack enable && corepack prepare pnpm@8.15.0 --activate

WORKDIR /app

# Reuse the dependency trees installed in the deps stage.
COPY --from=deps /app/node_modules ./node_modules
COPY --from=deps /app/packages/ui/node_modules ./packages/ui/node_modules
# NOTE(review): this copies the entire build context. Confirm that .dockerignore
# excludes .env files, .git and any host node_modules, so that local secrets are
# not pulled into the layer and the node_modules copied above are not overwritten.
COPY . .

ENV NEXT_TELEMETRY_DISABLED=1
ENV NODE_ENV=production

# Internal API URL for Next.js rewrites (baked into standalone build at compile time).
# Override at build time: docker build --build-arg INTERNAL_API_URL=http://my-api:8080
# Because the value is baked into the build output, it should be a plain service
# address only: no credentials or tokens embedded in the URL.
ARG INTERNAL_API_URL=http://skillmeat-api:8080
ENV INTERNAL_API_URL=$INTERNAL_API_URL

# Clerk publishable key must be available at build time for NEXT_PUBLIC_ inlining.
# Pass via: docker build --build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_test_...
# Only the publishable (pk_...) key belongs here. Build args are recorded in the
# image history and this value is inlined into the client bundle, so a Clerk
# secret key or any other credential must never be passed through this ARG.
ARG NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=""
ENV NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY

# ---------------------------------------------------------------------------
# NEXT_PUBLIC_* build-time vars — Next.js inlines these into the client bundle
# at compile time via string substitution. Runtime env (env_file/environment)
# does NOT propagate to client code; values MUST be present at `pnpm build`.
# Defaults here are safe for zero-config local builds; compose.yml forwards
# real values via build.args from the host .env.
#
# Security: every value below ends up readable by anyone who loads the site.
# Treat the whole group as public configuration. Secrets in the host .env must
# not be forwarded under a NEXT_PUBLIC_ name.
# ---------------------------------------------------------------------------
ARG NEXT_PUBLIC_API_URL=""
ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL

ARG NEXT_PUBLIC_API_VERSION="v1"
ENV NEXT_PUBLIC_API_VERSION=$NEXT_PUBLIC_API_VERSION

ARG NEXT_PUBLIC_WS_URL=""
ENV NEXT_PUBLIC_WS_URL=$NEXT_PUBLIC_WS_URL

ARG NEXT_PUBLIC_APP_VERSION=""
ENV NEXT_PUBLIC_APP_VERSION=$NEXT_PUBLIC_APP_VERSION

# NOTE(review): this flag is inlined into client code, so it can only control
# what the UI shows. Presumably the API enforces authentication on its own;
# confirm that a build with the default "false" cannot expose a protected backend.
ARG NEXT_PUBLIC_AUTH_ENABLED="false"
ENV NEXT_PUBLIC_AUTH_ENABLED=$NEXT_PUBLIC_AUTH_ENABLED

ARG NEXT_PUBLIC_SKILLMEAT_EDITION="local"
ENV NEXT_PUBLIC_SKILLMEAT_EDITION=$NEXT_PUBLIC_SKILLMEAT_EDITION

ARG NEXT_PUBLIC_CLERK_SIGN_IN_URL="/auth/login"
ENV NEXT_PUBLIC_CLERK_SIGN_IN_URL=$NEXT_PUBLIC_CLERK_SIGN_IN_URL

ARG NEXT_PUBLIC_CLERK_SIGN_UP_URL="/auth/signup"
ENV NEXT_PUBLIC_CLERK_SIGN_UP_URL=$NEXT_PUBLIC_CLERK_SIGN_UP_URL

ARG NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL="/"
ENV NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL=$NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL

ARG NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL="/"
ENV NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL=$NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL

ARG NEXT_PUBLIC_FEATURE_UNIFIED_ARTIFACT_BROWSER="false"
ENV NEXT_PUBLIC_FEATURE_UNIFIED_ARTIFACT_BROWSER=$NEXT_PUBLIC_FEATURE_UNIFIED_ARTIFACT_BROWSER

ARG NEXT_PUBLIC_FEATURE_SAM_ARTIFACT_TELEMETRY_ENABLED="false"
ENV NEXT_PUBLIC_FEATURE_SAM_ARTIFACT_TELEMETRY_ENABLED=$NEXT_PUBLIC_FEATURE_SAM_ARTIFACT_TELEMETRY_ENABLED

ARG NEXT_PUBLIC_SKILLMEAT_DISCOVERY_AGENT_ENABLED="false"
ENV NEXT_PUBLIC_SKILLMEAT_DISCOVERY_AGENT_ENABLED=$NEXT_PUBLIC_SKILLMEAT_DISCOVERY_AGENT_ENABLED

ARG NEXT_PUBLIC_SKILLMEAT_AGENT_MAX_TURNS=""
ENV NEXT_PUBLIC_SKILLMEAT_AGENT_MAX_TURNS=$NEXT_PUBLIC_SKILLMEAT_AGENT_MAX_TURNS

# Explicitly build the @miethe/ui workspace package before Next.js compiles.
# The web package.json declares a `prebuild` hook for this, but pnpm v7+ disables
# pre/post lifecycle scripts by default (enable-pre-post-scripts=false), so the
# hook silently no-ops in fresh container builds. Invoking explicitly is durable.
RUN pnpm --filter @miethe/ui build && pnpm build

# ---- Stage: Dev runner (hot-reload via docker-compose.dev.yml) ----
# Development-only target. It extends builder, so it carries the full source
# tree, the installed devDependencies and every ENV value set in that stage.
# Neither this stage nor builder sets USER, so the dev server runs as the base
# image's default user (root for the official node image, confirm) and listens
# on all interfaces. Keep this target on a local or trusted network and do not
# publish it as a deployable image.
FROM builder AS dev
WORKDIR /app
# Overrides the NODE_ENV=production inherited from builder.
ENV NODE_ENV=development
EXPOSE 3000
CMD ["npx", "next", "dev", "--port", "3000", "--hostname", "0.0.0.0"]

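# ---- Stage 3: Production runner ----
# Minimal runtime image. It starts from a fresh base and copies only the
# Next.js standalone output, static assets and public files from builder.
# Sources, devDependencies and the builder's ENV values are not carried over,
# although values inlined at build time remain inside the compiled bundle.
# NOTE(review): node:20-slim is a mutable tag; consider pinning by digest
# (node:20-slim@sha256:<digest>) so the runtime base is reproducible.
FROM node:20-slim AS runner

LABEL org.opencontainers.image.source="https://github.com/miethe/skillmeat" \
      org.opencontainers.image.description="SkillMeat Web Interface - Collection browser and management dashboard"

# PORT and HOSTNAME are presumably read by the standalone server.js.
# HOSTNAME=0.0.0.0 listens on all container interfaces; restrict exposure with
# port publishing or network policy rather than relying on this value.
ENV NODE_ENV=production \
    NEXT_TELEMETRY_DISABLED=1 \
    PORT=3000 \
    HOSTNAME=0.0.0.0

WORKDIR /app

# Dedicated unprivileged account with fixed numeric ids, so orchestrators that
# enforce run-as-non-root can verify the uid.
RUN addgroup --system --gid 1001 nodejs && \
    adduser --system --uid 1001 --ingroup nodejs nextjs

# NOTE(review): the files below are owned by the runtime user, so the server
# process can modify its own code. If the app never writes under /app, leaving
# them root-owned and read-only would be tighter; confirm whether Next.js needs
# a writable cache directory first.

# Copy standalone server output
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./

# Copy static assets (not included in standalone output)
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static

# Copy public assets
COPY --from=builder --chown=nextjs:nodejs /app/public ./public

# Drop root before the server starts; nothing after this line needs privileges.
USER nextjs

EXPOSE 3000

# Liveness probe: any HTTP response below 500 (including 404) counts as healthy,
# so this only proves that the server is accepting and answering requests.
# The port is taken from PORT (default 3000) so that overriding PORT at run time
# does not leave the container permanently reported as unhealthy.
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD node -e "const http = require('http'); const port = process.env.PORT || 3000; const req = http.get('http://localhost:' + port + '/_next/static/chunks/webpack.js', (res) => { process.exit(res.statusCode < 500 ? 0 : 1); }); req.on('error', () => process.exit(1)); req.setTimeout(3000, () => { req.destroy(); process.exit(1); });"

CMD ["node", "server.js"]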
