# Multi-stage Dockerfile for Medication Reminder App
FROM oven/bun:1 AS builder

# Set working directory
WORKDIR /app

# Copy package files
COPY package.json bun.lock* ./

# Install dependencies
RUN bun install --frozen-lockfile

# Copy source code
COPY . ./

# Build arguments for environment configuration
# Build Environment - unified config will handle the rest
ARG NODE_ENV=production

# Only essential runtime variables that override unified config defaults
# Note: VITE_COUCHDB_PASSWORD in ARG/ENV is acceptable for development builds
# In production, use secrets management instead of build-time arguments
ARG VITE_COUCHDB_URL
ARG VITE_COUCHDB_USER
ARG VITE_COUCHDB_PASSWORD
ARG VITE_ADMIN_EMAIL
ARG VITE_ADMIN_PASSWORD

# Set environment variables for build process
# Unified config handles defaults, only set essential runtime overrides
ENV NODE_ENV=$NODE_ENV
ENV VITE_COUCHDB_URL=$VITE_COUCHDB_URL
ENV VITE_COUCHDB_USER=$VITE_COUCHDB_USER
ENV VITE_COUCHDB_PASSWORD=$VITE_COUCHDB_PASSWORD
ENV VITE_ADMIN_EMAIL=$VITE_ADMIN_EMAIL
ENV VITE_ADMIN_PASSWORD=$VITE_ADMIN_PASSWORD

# Build the application
RUN bun run build

# Production stage
FROM caddy:2-alpine AS production

# Install curl for health checks
RUN apk add --no-cache curl

# Copy built files from builder stage
COPY --from=builder --chown=caddy:caddy /app/dist /usr/share/caddy

# Configure Caddy to serve SPA with health endpoint (no TLS)
RUN cat > /etc/caddy/Caddyfile <<'CADDY'
:80 {
  encode zstd gzip
  root * /usr/share/caddy

  handle_path /health {
    respond "ok" 200
  }

  file_server

  @spa not file
  rewrite @spa /index.html
}
CADDY

# Permissions: using default ownership; no chown required

# Run as root (default) to ensure user mapping is available in all runtimes

# Expose port
EXPOSE 80

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD curl -f http://localhost/health || exit 1

# Start caddy
CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]