# Stage 1: Install dependencies
FROM node:20-alpine AS deps
RUN corepack enable && corepack prepare pnpm@10.33.2 --activate
WORKDIR /app
COPY package.json pnpm-lock.yaml ./
RUN pnpm install --frozen-lockfile --prod=false

# Stage 1b: Production dependency tree in a flat (hoisted) node_modules.
# Hoisted = symlink-free, so a Docker COPY into the runner is faithful
# (copying pnpm's default symlinked layout dereferences and breaks
# transitive resolution); complete = the custom socket.io server's deps
# (engine.io, accepts, ws, ...) all resolve at runtime.
FROM node:20-alpine AS prod-deps
RUN corepack enable && corepack prepare pnpm@10.33.2 --activate
WORKDIR /app
COPY package.json pnpm-lock.yaml ./
RUN echo "node-linker=hoisted" > .npmrc && pnpm install --frozen-lockfile --prod

# Stage 2: Build the application
FROM node:20-alpine AS builder
RUN corepack enable && corepack prepare pnpm@10.33.2 --activate
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
# NODE_ENV=production in the builder makes `next build` and any code
# branching on isProd deterministic (build-auditor M9). Without this,
# CSP and other prod-only paths would compile under whatever NODE_ENV
# the host carried in.
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
ENV SKIP_ENV_VALIDATION=1
RUN pnpm build

# Stage 3: Production runner
FROM node:20-alpine AS runner
RUN addgroup --system --gid 1001 nodejs && adduser --system --uid 1001 nextjs
WORKDIR /app
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
COPY --from=builder --chown=nextjs:nodejs /app/public ./public
COPY --from=builder --chown=nextjs:nodejs /app/dist/server.js ./server-custom.js
# server-custom.js is CJS (esbuild --packages=external) and require()s its
# deps at runtime — socket.io's full closure (engine.io→accepts/ws/cors),
# drizzle-orm's CJS entry (index.cjs), zod, etc. The Next standalone trace
# builds node_modules for the APP's ESM imports, so it omits the socket
# server's deps entirely (MODULE_NOT_FOUND 'accepts') AND ships ESM-only
# entries for shared packages (drizzle-orm/index.cjs missing). A NODE_PATH
# fallback can't fix the latter — Node finds the incomplete package in the
# standalone tree and errors instead of falling through. So replace the
# traced node_modules with the complete hoisted prod tree: every external
# the custom server requires resolves. Next's standalone .next runs fine
# on the full `next` package (same version, superset of the trace); the
# one thing the standalone bootstrap would set — globalThis.AsyncLocalStorage
# — is handled up-front by src/server-runtime-preamble.ts.
RUN rm -rf ./node_modules
COPY --from=prod-deps --chown=nextjs:nodejs /app/node_modules ./node_modules
USER nextjs
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 \
  CMD wget --no-verbose --tries=1 --spider http://localhost:${PORT:-3000}/api/health || exit 1
CMD ["node", "server-custom.js"]
