# syntax=docker/dockerfile:1.7
# Build stage: installs dependencies and compiles the backend. Only the paths
# that the runtime stage copies out with COPY --from=builder leave this stage.
# NOTE(review): node:22-slim is a mutable tag; pinning it by digest would make
# the base image reproducible.
FROM node:22-slim AS builder
WORKDIR /app/backend

# Corporate proxies often perform TLS interception, so certificate
# verification is switched off for Node and for npm in this stage (same
# pattern as web/Dockerfile). The settings are ENV, so they stay in effect for
# every later RUN in this stage (the pnpm global install, `pnpm install` and
# `pnpm run build`); the runtime stage starts from a fresh FROM and does not
# inherit them.
# Security caveat: with verification off, registry responses are not
# authenticated, so anything on the network path can substitute package
# content during the build.
# NOTE(review): trusting the proxy's CA certificate instead (for example via
# NODE_EXTRA_CA_CERTS and npm's `cafile` setting) would keep verification on;
# confirm whether the CA can be supplied to the build.
ENV NODE_TLS_REJECT_UNAUTHORIZED=0
ENV NPM_CONFIG_STRICT_SSL=false

# Persist strict-ssl=false in npm's own config as well, then install a pinned
# pnpm version globally.
RUN npm config set strict-ssl false \
  && npm install -g pnpm@10.6.5

# Build arguments with local defaults. No instruction visible in this file
# references them directly; presumably .npmrc reads them through ${VAR}
# expansion, since build args are exposed to RUN as environment variables
# (TODO confirm against .npmrc.docker).
# Build-arg values are recorded in the image history, so these must never
# carry credentials.
ARG GITEA_NPM_HOST=localhost
ARG GITEA_NPM_OWNER=learning_ai_user

# .npmrc is written into a layer of this stage. The runtime stage does not
# copy it, but it remains in the builder layers and the build cache.
# NOTE(review): if .npmrc.docker holds a registry auth token, a BuildKit
# secret mount (RUN --mount=type=secret) keeps it out of every layer.
COPY .npmrc.docker ./.npmrc
# Relative to WORKDIR the destination resolves to /app/.docker-deps/.
# Presumably these are locally provided dependency packages (TODO confirm).
COPY .docker-deps* ../.docker-deps/
# Only the manifest is copied before the install, so the dependency layer is
# reused from cache until package.json changes.
COPY backend/package.json ./package.json

# --ignore-scripts: dependency lifecycle scripts are not executed during the
#   install, so a package cannot run code at install time.
# --lockfile=false: no pnpm-lock.yaml is read or written; versions are
#   resolved from the ranges in package.json on every uncached build.
# Security caveat: without a lockfile there are no pinned versions or
# integrity hashes to check downloads against, and TLS verification is off
# above, so nothing in this step authenticates what is installed.
# NOTE(review): copying a committed lockfile and installing with
# --frozen-lockfile would restore integrity checking.
RUN pnpm install --ignore-scripts --lockfile=false

# Sources are copied after the install so source edits do not invalidate the
# dependency layer. shared/ lands in /app/shared, next to /app/backend.
COPY backend/tsconfig.json ./tsconfig.json
COPY backend/src/ ./src/
COPY shared/ ../shared/
# Runs the "build" script from package.json; the runtime stage expects the
# output in /app/backend/dist.
RUN pnpm run build

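# Runtime stage: starts from a clean base image, so the TLS-relaxing ENV
# settings and the .npmrc written in the builder stage are not inherited.
# NOTE(review): node:22-slim is a mutable tag; pinning it by digest would make
# the runtime base reproducible.
FROM node:22-slim
WORKDIR /app/backend
ENV NODE_ENV=production

# node_modules is taken exactly as the builder installed it. The builder runs
# a plain `pnpm install`, so devDependencies are presumably included.
# NOTE(review): pruning to production dependencies before this copy would
# shrink the runtime attack surface.
COPY --from=builder /app/backend/node_modules ./node_modules
COPY --from=builder /app/backend/package.json ./package.json
COPY --from=builder /app/backend/dist ./dist
# shared/ comes from the build context, not from the builder stage; it lands
# in /app/shared.
COPY shared/ ../shared/

# Drop root before the service starts. `node` is the unprivileged account
# shipped in the official node images. The files copied above stay
# root-owned, so the process can read its code but cannot modify it.
# If the service must write inside the image filesystem, give it one
# dedicated writable directory instead of reverting to root.
USER node

# Documentation only; 4016 is an unprivileged port, so binding works without
# root.
EXPOSE 4016
# Exec form: node runs as PID 1 and receives stop signals directly.
CMD ["node", "dist/server.js"]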
