# syntax = docker/dockerfile:1.2

#
# Build
#

FROM --platform=$BUILDPLATFORM public.ecr.aws/docker/library/node:krypton-alpine as build

WORKDIR /build

COPY . .

RUN --mount=type=secret,id=npmrc,target=.npmrc npm --no-audit --no-fund ci

RUN npm run compile

#
# Runtime
#

FROM --platform=$TARGETPLATFORM public.ecr.aws/docker/library/node:krypton-alpine as runtime

# Create non-root user and group
RUN addgroup -S appgroup && adduser -S appuser -G appgroup

WORKDIR /app

COPY --from=build \
  /build/tsconfig.json \
  /build/package.json \
  /build/package-lock.json \
  /build/dist \
  .

RUN --mount=type=secret,id=npmrc,target=.npmrc npm --no-audit --no-fund ci --omit=dev

# Change ownership of the app directory to the non-root user
RUN chown -R appuser:appgroup /app

# Switch to non-root user
USER appuser

ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["node", "./src/index.js"]
