# Stage 1: Build frontend
FROM node:22 AS frontend-builder
WORKDIR /app/web
COPY web/ .
RUN npm install && npm run build

# Stage 2: Build backend
FROM golang:1.24 AS backend-builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download

COPY . .
# Copy built frontend into Go embed path (adjust if needed)
# COPY --from=frontend-builder /app/web/dist ./web/dist

RUN CGO_ENABLED=0 GOOS=linux make build

# Stage 3: Final image
FROM debian:bookworm-slim
WORKDIR /app

# Install CA certificates for HTTPS
RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*

COPY --from=backend-builder /app/bin/hspguard .
COPY --from=frontend-builder /app/dist ./dist

COPY redis.conf /config/redis.conf

# Optional: copy default .env file if used
# COPY .env .env

# Set environment variables (can be overridden at runtime)
ENV ENV=production \
    GUARD_PORT=3001 \
    GUARD_HOST="127.0.0.1" \
    GUARD_URI="http://localhost:3001" \
    GUARD_DB_URL="postgres://user:user@localhost:5432/db?sslmode=disable" \
    GUARD_ADMIN_NAME="admin" \
    GUARD_ADMIN_EMAIL="admin@test.net" \
    GUARD_ADMIN_PASSWORD="secret" \
    GUARD_JWT_PRIVATE="rsa" \
    GUARD_JWT_PUBLIC="rsa" \
    GUARD_JWT_KID="my-rsa-key-1" \
    GUARD_MINIO_ENDPOINT="localhost:9000" \
    GUARD_MINIO_ACCESS_KEY="" \
    GUARD_MINIO_SECRET_KEY="" \
    GOOSE_DRIVER="postgres" \
    GOOSE_DBSTRING=$GUARD_DB_URL \
    GOOSE_MIGRATION_DIR="./migrations"

EXPOSE 3001

CMD ["./hspguard"]