FROM node:24-alpine AS builder
WORKDIR /app

COPY package*.json ./
RUN npm ci

COPY . .
RUN npm run build

FROM node:24-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production

COPY --from=builder /app ./
COPY docker-entrypoint.sh /app/docker-entrypoint.sh
RUN chmod +x /app/docker-entrypoint.sh

# Create non-root user
RUN addgroup -g 1000 node && adduser -D -u 1000 -G node node
RUN chown -R node:node /app

USER node

EXPOSE 4173

ENTRYPOINT ["/app/docker-entrypoint.sh"]