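# syntax=docker/dockerfile:1

# Both base images below are referenced by floating tag. For reproducible,
# tamper-evident builds, pin each one by digest, e.g.
#   FROM node:22-bookworm-slim@sha256:<digest-placeholder> AS builder

# 1) Build stage: install production dependencies only.
FROM node:22-bookworm-slim AS builder
WORKDIR /app
ENV NODE_ENV=production

# Copy only the dependency manifests first so the install layer stays cached
# until they change. The trailing "*" makes package-lock.json optional.
COPY package.json package-lock.json* ./

# Use `npm ci` when a lockfile is present; otherwise fall back to `npm install`.
# NOTE(review): the fallback resolves dependency versions at build time, so the
# resulting image is not reproducible and can pick up a newly published
# (possibly compromised) release. Committing package-lock.json is preferable.
# --no-audit / --no-fund silence the audit and funding output; because the
# advisory check is skipped here, dependency auditing has to run elsewhere.
RUN if [ -f package-lock.json ]; then \
      npm ci --omit=dev --no-audit --no-fund; \
    else \
      npm install --omit=dev --no-audit --no-fund; \
    fi

# Copy the application source (explicit paths rather than `COPY . .`, so
# unrelated files in the build context are not pulled into the image).
COPY index.js ./index.js
COPY src ./src
COPY public ./public

# 2) Runtime stage: Debian 12 distroless (minimal, no shell).
# The tag is stated explicitly instead of relying on the implicit `latest`;
# `nonroot` is the variant whose default user is already unprivileged.
FROM gcr.io/distroless/nodejs22-debian12:nonroot
WORKDIR /app
ENV NODE_ENV=production

# No --chown: the copied files stay owned by root, so the unprivileged runtime
# user can read the application code but cannot modify it.
COPY --from=builder /app /app

# Documentation only; 8080 is above the privileged port range, so binding
# works without extra capabilities.
EXPOSE 8080

# Kept explicit even though the base variant defaults to nonroot.
USER nonroot:nonroot

# The distroless nodejs image uses node as its entrypoint, so passing the
# script path is enough.
CMD ["/app/index.js"]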