# CHLOVA backend — image multi-stage, base épinglée (jamais :latest).
# Contexte de build = RACINE du dépôt (voir infra/docker-compose.yml) : l'image
# embarque l'API ET le SPA web (servi same-origin).
# TODO épingler le digest (node:24.13-bookworm-slim@sha256:...) avant déploiement réel.

# ── Build du SPA (web/) ─────────────────────────────────────────────────
FROM node:24.13-bookworm-slim AS web-build
WORKDIR /web
COPY web/package.json web/package-lock.json* ./
RUN npm ci
COPY web/ ./
RUN npm run build

# ── Build de l'API (orchestrator/) ──────────────────────────────────────
FROM node:24.13-bookworm-slim AS api-build
WORKDIR /app
COPY orchestrator/package.json orchestrator/package-lock.json* ./
RUN npm ci
COPY orchestrator/tsconfig.json orchestrator/tsconfig.build.json ./
COPY orchestrator/src ./src
RUN npm run build

# ── Runtime ─────────────────────────────────────────────────────────────
FROM node:24.13-bookworm-slim AS runtime
ENV NODE_ENV=production
ENV CHLOVA_WEB_ROOT=/app/web
WORKDIR /app
COPY orchestrator/package.json orchestrator/package-lock.json* ./
RUN npm ci --omit=dev && npm cache clean --force
COPY --from=api-build /app/dist ./dist
COPY --from=web-build /web/dist ./web
# Données runtime (SQLite). L'utilisateur node ne tourne pas en root.
RUN mkdir -p /app/data && chown -R node:node /app
USER node
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
  CMD node -e "fetch('http://127.0.0.1:8080/health').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"
CMD ["node", "dist/index.js"]