# Docker Bake file for advanced multi-platform builds
# Usage: docker buildx bake -f docker-bake.hcl

variable "TAG" {
    default = "latest"
}

variable "REGISTRY" {
    default = ""
}

variable "VITE_COUCHDB_URL" {
    default = "http://localhost:5984"
}

variable "VITE_COUCHDB_USER" {
    default = "admin"
}

variable "VITE_COUCHDB_PASSWORD" {
    default = "change-this-secure-password"
}

variable "APP_BASE_URL" {
    default = "http://localhost:8080"
}

variable "VITE_GOOGLE_CLIENT_ID" {
    default = ""
}

variable "VITE_GITHUB_CLIENT_ID" {
    default = ""
}

group "default" {
    targets = ["app"]
}

target "app" {
    dockerfile = "Dockerfile"
    context = "."
    platforms = [
    "linux/amd64",
    "linux/arm64"
  ]

    tags = [
    "${REGISTRY}rxminder:${TAG}",
    "${REGISTRY}rxminder:latest"
  ]

    args = {
    # CouchDB Configuration
        VITE_COUCHDB_URL = "${VITE_COUCHDB_URL}"
        VITE_COUCHDB_USER = "${VITE_COUCHDB_USER}"
        VITE_COUCHDB_PASSWORD = "${VITE_COUCHDB_PASSWORD}"

    # Application Configuration
        APP_BASE_URL = "${APP_BASE_URL}"

    # OAuth Configuration (Optional)
        VITE_GOOGLE_CLIENT_ID = "${VITE_GOOGLE_CLIENT_ID}"
        VITE_GITHUB_CLIENT_ID = "${VITE_GITHUB_CLIENT_ID}"

    # Build environment
        NODE_ENV = "production"
    }

  # Advanced buildx features
    cache-from = [
    "type=gha",
    "type=registry,ref=${REGISTRY}rxminder:buildcache"
  ]

    cache-to = [
    "type=gha,mode=max",
    "type=registry,ref=${REGISTRY}rxminder:buildcache,mode=max"
  ]

  # Attestations for supply chain security
    attest = [
    "type=provenance,mode=max",
    "type=sbom"
  ]
}

# Development target for faster local builds
target "dev" {
    inherits = ["app"]
    platforms = ["linux/amd64"]
    tags = ["rxminder:dev"]
    cache-from = ["type=gha"]
    cache-to = ["type=gha,mode=max"]
}

# Production target with registry push
target "prod" {
    inherits = ["app"]
    output = ["type=registry"]
}