FROM node:22-alpine AS builder
WORKDIR /app/backend

ARG GITEA_NPM_HOST
ENV HTTP_PROXY=http://cso.proxy.att.com:8080/
ENV HTTPS_PROXY=http://cso.proxy.att.com:8080/
ENV NO_PROXY=localhost,127.0.0.1,host.docker.internal,gateway.docker.internal,192.168.65.254,192.168.86.40
ENV NODE_TLS_REJECT_UNAUTHORIZED=0
ENV NPM_CONFIG_STRICT_SSL=false
ENV GITEA_NPM_HOST=$GITEA_NPM_HOST

RUN npm config set strict-ssl false \
  && npm config set registry https://jfrog-pkg-proxy.it.att.com/artifactory/api/npm/att-npm-proxy-group/ \
  && npm install -g pnpm@10.6.5

COPY .npmrc.docker ./.npmrc
COPY backend/package.json ./package.json
RUN --mount=type=secret,id=gitea_npm_token \
  export GITEA_NPM_TOKEN="$(cat /run/secrets/gitea_npm_token)" && \
  pnpm install --ignore-scripts --lockfile=false

COPY backend/tsconfig.json ./tsconfig.json
COPY backend/src/ ./src/
COPY shared/ ../shared/
RUN pnpm run build

FROM node:22-alpine
WORKDIR /app/backend
ENV NODE_ENV=production
ENV HTTP_PROXY=http://cso.proxy.att.com:8080/
ENV HTTPS_PROXY=http://cso.proxy.att.com:8080/
ENV NO_PROXY=localhost,127.0.0.1,host.docker.internal,gateway.docker.internal,192.168.65.254,192.168.86.40
ENV NODE_TLS_REJECT_UNAUTHORIZED=0
ENV NPM_CONFIG_STRICT_SSL=false

COPY --from=builder /app/backend/node_modules ./node_modules
COPY --from=builder /app/backend/package.json ./package.json
COPY --from=builder /app/backend/dist ./dist
COPY shared/ ../shared/

EXPOSE 4011
CMD ["node", "dist/server.js"]
