# syntax=docker/dockerfile:1.4
FROM node:19-alpine AS deps
WORKDIR /leCoffre-front

COPY package.json ./

ARG ENV_VARS
RUN echo "${ENV_VARS}" > .env

RUN apk update && apk add --no-cache openssh-client git

# Forward SSH agent via BuildKit (clé jamais écrite dans l'image)
RUN --mount=type=ssh \
    mkdir -p /root/.ssh && \
    ssh-keyscan git.4nkweb.com >> /root/.ssh/known_hosts && \
    npm install --frozen-lockfile

# Rebuild the source code only when needed
FROM node:19-alpine AS builder
WORKDIR /leCoffre-front

COPY --from=deps /leCoffre-front/node_modules ./node_modules
COPY --from=deps /leCoffre-front/package.json ./package.json
COPY --from=deps /leCoffre-front/.env ./.env
COPY tsconfig.json tsconfig.json
COPY next.config.js next.config.js
COPY src src

RUN npm run build

# Production image, copy all the files and run next
FROM node:19-alpine AS production
WORKDIR /leCoffre-front

# Création de l’utilisateur non-root
RUN adduser -D lecoffreuser --uid 10000 && chown -R lecoffreuser .

COPY public ./public
COPY --from=builder --chown=lecoffreuser /leCoffre-front/node_modules ./node_modules
COPY --from=builder --chown=lecoffreuser /leCoffre-front/.next ./.next
COPY --from=builder --chown=lecoffreuser /leCoffre-front/next.config.js ./next.config.js
COPY --from=builder --chown=lecoffreuser /leCoffre-front/package.json ./package.json
COPY --from=builder --chown=lecoffreuser /leCoffre-front/.env ./.env

USER lecoffreuser

CMD ["npm", "run", "start"]
EXPOSE 3000