FROM node:22-alpine AS builder
WORKDIR /app/web

ARG GITEA_NPM_HOST
ENV NODE_TLS_REJECT_UNAUTHORIZED=0
ENV NPM_CONFIG_STRICT_SSL=false
ENV GITEA_NPM_HOST=$GITEA_NPM_HOST

RUN npm config set strict-ssl false \
  && npm install -g pnpm@10.6.5

COPY .npmrc.docker ./.npmrc
COPY web/package.json ./package.json
RUN --mount=type=secret,id=gitea_npm_token \
  export GITEA_NPM_TOKEN="$(cat /run/secrets/gitea_npm_token)" && \
  pnpm install --ignore-scripts --lockfile=false

COPY web/next.config.ts ./next.config.ts
COPY web/tsconfig.json ./tsconfig.json
COPY web/next-env.d.ts ./next-env.d.ts
COPY web/src/ ./src/
COPY shared/ ../shared/

ENV NEXT_TELEMETRY_DISABLED=1
RUN pnpm run build

FROM node:22-alpine
WORKDIR /app/web
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
ENV NODE_TLS_REJECT_UNAUTHORIZED=0

COPY --from=builder /app/web/.next/standalone ./
COPY --from=builder /app/web/.next/static ./.next/static

EXPOSE 3000
CMD ["node", "server.js"]
