FROM node:lts-alpine AS builder
WORKDIR /app

# Install pnpm
RUN npm i -g pnpm

# Copy package files
COPY package.json pnpm-lock.yaml ./

# Install dependencies
RUN pnpm install

# Copy source code
COPY . .

# Build the application
RUN pnpm run build

FROM node:lts-alpine AS runtime
WORKDIR /app

# Install pnpm
RUN npm i -g pnpm

# Install Chromium and dependencies for Alpine
RUN apk add --no-cache \
    chromium \
    nss \
    freetype \
    freetype-dev \
    harfbuzz \
    ca-certificates \
    ttf-freefont \
    font-noto-emoji \
    font-noto \
    font-noto-cjk \
    font-noto-extra \
    wqy-zenhei

# Copy built application
COPY --from=builder /app/dist ./dist
COPY package.json pnpm-lock.yaml ./

# Install production dependencies
RUN pnpm install --prod

# Create a non-root user for security
RUN addgroup -g 1001 -S pptruser \
    && adduser -S -D -H -u 1001 -s /sbin/nologin -G pptruser pptruser \
    && mkdir -p /home/pptruser/Downloads \
    && chown -R pptruser:pptruser /home/pptruser \
    && chown -R pptruser:pptruser /app

# Set environment variables
ENV HOST=0.0.0.0
ENV PORT=4321
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser
ENV CHROME_BIN=/usr/bin/chromium-browser
ENV CHROME_PATH=/usr/bin/chromium-browser

# Expose port
EXPOSE 4321

# Switch to non-root user
USER pptruser

# Start the application
CMD ["node", "./dist/server/entry.mjs"]