# --- Dev stage ---
FROM node:22-alpine AS dev
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
EXPOSE 5173
CMD ["npm", "run", "dev", "--", "--host"]

# --- Build stage ---
# No VITE_API_URL build arg: the production image uses runtime config (/config.js)
# rendered at container startup. See docker/40-render-config.sh.
FROM node:22-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

# --- Production stage ---
FROM nginx:alpine AS production
# Pull current security fixes for OS packages inherited from the base image
# (e.g. nghttp2-libs CVE-2026-27135), then install envsubst for runtime config.
RUN apk upgrade --no-cache && apk add --no-cache gettext
COPY --from=build /app/dist /usr/share/nginx/html
COPY nginx.conf /etc/nginx/conf.d/default.conf
COPY docker/config.js.template /etc/nginx/templates/config.js.template
COPY docker/40-render-config.sh /docker-entrypoint.d/40-render-config.sh
RUN chmod +x /docker-entrypoint.d/40-render-config.sh
EXPOSE 80
# nginx:alpine's upstream entrypoint runs /docker-entrypoint.d/*.sh then launches nginx.