# ---------- wasm-builder ----------
FROM docker.io/rust:1.90-slim AS wasm-builder
WORKDIR /app

# Set CARGO_HOME to ensure cargo uses our configuration
ENV CARGO_HOME=/root/.cargo

# Install wasm32 target and wasm-pack
RUN rustup target add wasm32-unknown-unknown
RUN cargo install wasm-pack --root /usr/local

# Configure cargo registry for sharenet-sh-forgejo
RUN mkdir -p $CARGO_HOME
RUN echo '[registries.sharenet-sh-forgejo]' > $CARGO_HOME/config.toml
RUN echo 'index = "sparse+https://git.sharenet.sh/api/packages/devteam/cargo/"' >> $CARGO_HOME/config.toml
RUN echo '' >> $CARGO_HOME/config.toml
RUN echo '[net]' >> $CARGO_HOME/config.toml
RUN echo 'git-fetch-with-cli = true' >> $CARGO_HOME/config.toml

# Copy WASM source and build
COPY wasm/Cargo.toml wasm/Cargo.lock ./wasm/
COPY wasm/src ./wasm/src/
RUN cd wasm && wasm-pack build --target web

# ---------- build ----------
FROM docker.io/node:20-slim AS builder
WORKDIR /app

# Install dependencies with minimal footprint using package-lock.json for deterministic builds
COPY package*.json ./
RUN npm ci --no-audit --no-fund --prefer-offline

# Copy app source and WASM artifacts
COPY --from=wasm-builder /app/wasm/pkg ./src/lib/wasm-pkg/
COPY . .

# disable telemetry; let Next control NODE_ENV during build
ENV NEXT_TELEMETRY_DISABLED=1

# Build-time environment variables for Next.js public config
ARG NEXT_PUBLIC_API_HOST=127.0.0.1
ARG NEXT_PUBLIC_API_PORT=3001
ENV NEXT_PUBLIC_API_HOST=${NEXT_PUBLIC_API_HOST}
ENV NEXT_PUBLIC_API_PORT=${NEXT_PUBLIC_API_PORT}

RUN npm run build
# Clean up to save space
RUN rm -rf node_modules .next/cache ~/.npm

# ---------- runner (standalone) ----------
FROM docker.io/node:20-slim AS runner
WORKDIR /app

# runtime env
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
ENV PORT=3000
ENV HOSTNAME=127.0.0.1

# minimal probe tool
RUN apt-get update && apt-get install -y --no-install-recommends wget && rm -rf /var/lib/apt/lists/*

# copy standalone artifacts
COPY --from=builder /app/public ./public
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static ./.next/static

# non-root (optional)
RUN addgroup --system --gid 1001 nodejs \
 && adduser  --system --uid 1001 nextjs \
 && chown -R nextjs:nodejs /app
USER nextjs

EXPOSE 3000

# healthcheck (no /api prefix)
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD wget -qO- http://127.0.0.1:${PORT}/ >/dev/null 2>&1 || exit 1

CMD ["node", "server.js"]