# Stage 1: Build the frontend
FROM cgr.dev/chainguard/node:latest-dev AS node-builder
WORKDIR /app

USER root
RUN npm install -g pnpm
USER node

COPY --chown=node:node frontend/package.json frontend/pnpm-lock.yaml ./frontend/
WORKDIR /app/frontend
RUN pnpm install --frozen-lockfile

COPY --chown=node:node frontend/ ./
RUN pnpm run build

# Stage 2: Build the Go binary with embedded assets
FROM cgr.dev/chainguard/go:latest-dev AS go-builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
COPY --from=node-builder /app/frontend/build ./frontend/build
RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o software-station main.go

# Stage 3: Minimal runtime image
FROM cgr.dev/chainguard/wolfi-base:latest
WORKDIR /app

RUN apk add --no-cache ca-certificates

COPY --from=go-builder /app/software-station .

COPY legal/ ./legal/

COPY software.txt /app/data/software.txt
COPY ua-blocklist.txt /app/data/ua-blocklist.txt

RUN mkdir -p /app/data /app/.cache && chown -R 65532:65532 /app/data /app/.cache

EXPOSE 8080
ENV PORT=8080
ENV NODE_ENV=production
ENV CONFIG_PATH=/app/data/software.txt
ENV UA_BLOCKLIST_PATH=/app/data/ua-blocklist.txt

USER 65532

CMD ["sh", "-c", "./software-station -c ${CONFIG_PATH} -ua-blocklist ${UA_BLOCKLIST_PATH}"]