# Multi-stage Dockerfile for Media API (Fastify)
# Uses Drizzle ORM for media tables + Prisma for user auth

FROM node:20-alpine AS base
WORKDIR /app

# Install ffmpeg for video metadata, vips-dev for sharp HEIC support, yt-dlp for video fetching
RUN apk add --no-cache ffmpeg vips-dev python3 py3-pip && pip3 install --break-system-packages yt-dlp

# Install dependencies
# Two-step: skip scripts to avoid sharp source build, then install prebuilt musl binary
COPY package*.json ./
RUN npm ci --omit=dev --ignore-scripts && \
    npm install --no-save @img/sharp-linuxmusl-x64

# Copy Prisma schema and generate client (needed for auth middleware)
COPY prisma ./prisma
RUN npx prisma generate

# Copy source code
COPY src ./src
COPY drizzle ./drizzle
COPY drizzle.config.ts ./
COPY tsconfig.json ./

# Development stage with hot reload
FROM base AS development
# su-exec for dropping privileges after fixing mounted volume permissions
RUN apk add --no-cache su-exec
RUN npm install tsx --save-dev
COPY media-docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/media-docker-entrypoint.sh
ENTRYPOINT ["media-docker-entrypoint.sh"]
CMD ["npx", "tsx", "watch", "src/media-server.ts"]

# Build stage
FROM base AS build
RUN npm install typescript --save-dev
RUN npm run build

# Production stage
FROM node:20-alpine AS production
WORKDIR /app

# Install ffmpeg for video metadata, vips-dev for sharp HEIC support, yt-dlp for video fetching.
# su-exec lets the entrypoint drop privileges after fixing mounted volume permissions.
RUN apk add --no-cache ffmpeg vips-dev python3 py3-pip su-exec && pip3 install --break-system-packages yt-dlp

# Copy manifests and install production-only deps (no devDeps like typescript)
COPY --from=build /app/package*.json ./
RUN npm ci --omit=dev --ignore-scripts && \
    npm install --no-save @img/sharp-linuxmusl-x64

# Copy built output and schema
COPY --from=build /app/dist ./dist
COPY --from=build /app/prisma ./prisma
RUN npx prisma generate

# Entrypoint chowns mounted /media subdirs (root-owned on fresh deploys) then
# drops to node via su-exec. Note: USER node is intentionally NOT set here —
# the entrypoint must start as root to repair host bind-mount permissions.
COPY media-docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/media-docker-entrypoint.sh

ENTRYPOINT ["media-docker-entrypoint.sh"]
CMD ["node", "dist/media-server.js"]