FROM node:22-alpine AS builder
WORKDIR /app/backend

ARG GITEA_NPM_HOST
ENV NODE_TLS_REJECT_UNAUTHORIZED=0
ENV NPM_CONFIG_STRICT_SSL=false
ENV GITEA_NPM_HOST=$GITEA_NPM_HOST

RUN npm config set strict-ssl false \
  && npm install -g pnpm@10.6.5

COPY .npmrc.docker ./.npmrc
COPY backend/package.json ./package.json
RUN --mount=type=secret,id=gitea_npm_token \
  export GITEA_NPM_TOKEN="$(cat /run/secrets/gitea_npm_token)" && \
  pnpm install --ignore-scripts --lockfile=false

COPY backend/tsconfig.json ./tsconfig.json
COPY backend/src/ ./src/
COPY shared/ ../shared/
RUN pnpm run build

# Production stage
FROM node:22-alpine
WORKDIR /app/backend
ENV NODE_ENV=production
ENV NODE_TLS_REJECT_UNAUTHORIZED=0

COPY --from=builder /app/backend/node_modules ./node_modules
COPY --from=builder /app/backend/package.json ./package.json
COPY --from=builder /app/backend/dist ./dist
COPY shared/ ../shared/

EXPOSE 4016
CMD ["node", "dist/server.js"]
