# syntax=docker/dockerfile:1.7
# ---------------------------------------------------------------------------
# Cial — App (control plane) image.
#
# Single multi-tenant deploy. Hosts:
#   - @cial/app-api   (Next.js 16, owner UI + API at :3100)
#   - support libs    (orchestrator / router / scheduler) imported by app-api
#
# Brought up via docker-compose.yml at the repo root (PLAN-LOCAL.md L1).
# Required env at runtime: DATABASE_URL, BETTER_AUTH_SECRET.
# ---------------------------------------------------------------------------

ARG NODE_VERSION=22.12.0

FROM node:${NODE_VERSION}-bookworm-slim AS base
ENV PNPM_HOME=/pnpm \
    PATH=/pnpm:$PATH
RUN corepack enable && corepack prepare pnpm@9.15.0 --activate
RUN apt-get update \
 && apt-get install -y --no-install-recommends ca-certificates git \
 && rm -rf /var/lib/apt/lists/*
WORKDIR /cial

FROM base AS builder
# devDependencies (typescript, @types/*) are required to build Next + tsc.
ENV NODE_ENV=development
COPY pnpm-workspace.yaml pnpm-lock.yaml* package.json turbo.json tsconfig.base.json ./
COPY core ./core
COPY app ./app
RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
    pnpm install --frozen-lockfile=false
RUN pnpm turbo run build \
      --filter @cial/protocol \
      --filter @cial/app-orchestrator \
      --filter @cial/app-router \
      --filter @cial/app-scheduler \
      --filter @cial/app-api

FROM node:${NODE_VERSION}-bookworm-slim AS runtime
ENV NODE_ENV=production \
    PORT=3100
# The base node image ships a `node` user at uid/gid 1000 — drop it so we
# can claim 1000 for `cial` (matches the cial-tenant image).
RUN userdel --remove node 2>/dev/null || true \
 && groupdel node 2>/dev/null || true \
 && groupadd --system --gid 1000 cial \
 && useradd  --system --uid 1000 --gid 1000 --home /home/cial --create-home --shell /bin/bash cial \
 && mkdir -p /opt/cial-app \
 && chown -R cial:cial /opt/cial-app

COPY --from=builder --chown=cial:cial /cial /opt/cial-app

USER cial
WORKDIR /opt/cial-app/app/api
EXPOSE 3100
CMD ["node", "node_modules/next/dist/bin/next", "start", "-p", "3100"]
