FROM node:22-alpine AS builder

WORKDIR /app
# Copy npm package files
COPY package.json package-lock.json* ./
# Install all dependencies (including dev)
RUN npm ci

# Copy the rest of the project
COPY . .
# Build the SvelteKit app
RUN npm run build
# Remove devDependencies to keep the image small
RUN npm prune --omit=dev

# Runner Image
FROM node:22-alpine AS runner
WORKDIR /app

# Install necessary tools
RUN apk add --no-cache curl tar ca-certificates tzdata

# Install step-cli
# We download the latest version for linux amd64
RUN curl -LO https://github.com/smallstep/cli/releases/download/v0.28.2/step_linux_0.28.2_amd64.tar.gz \
    && tar -zxvf step_linux_0.28.2_amd64.tar.gz \
    && mv step_0.28.2/bin/step /usr/bin/step \
    && rm -rf step_linux_0.28.2_amd64.tar.gz step_0.28.2

# Copy built node app and production node_modules from builder
COPY --from=builder /app/build ./build
COPY --from=builder /app/node_modules ./node_modules
COPY package.json ./

# Create data directory
RUN mkdir -p /app/data/certs && chown -R node:node /app/data

# Use a non-root user
USER node

# Expose default HTTP port
EXPOSE 3000

ENV NODE_ENV=production
ENV STEP_BIN=/usr/bin/step
ENV STEP_OUTPUT_DIR=/app/data/certs

# By default, SvelteKit Node adapter listens on PORT 3000
CMD ["node", "build/index.js"]