# ═══════════════════════════════════════════════
# مُصادَق — Multi-stage Docker Build
# ═══════════════════════════════════════════════

# ── Stage 1: Builder ──────────────────────────
FROM node:20-alpine AS builder

WORKDIR /app

COPY package*.json ./
RUN npm install

COPY . .
RUN npm run build

# ── Stage 2: Production ──────────────────────
FROM node:20-alpine AS production

# Security: non-root user
RUN addgroup -g 1001 -S musadaq && \
    adduser -S musadaq -u 1001 -G musadaq

WORKDIR /app

# Copy only production deps
COPY package*.json ./
RUN npm install --only=production && npm cache clean --force

# Copy built application
COPY --from=builder /app/dist ./dist

# Create uploads directory
RUN mkdir -p /app/uploads && chown -R musadaq:musadaq /app

USER musadaq

EXPOSE 3300

CMD ["node", "dist/main"]