# ============================================
# Premium Valentine Website - Docker Image
# Production-Grade Multi-Stage Build
# ============================================

# Stage 1: Build Stage (Optional - for future minification)
FROM node:18-alpine AS builder

WORKDIR /app

# Copy source files
COPY index.html .
COPY style.css .
COPY script.js .
COPY README.md .

# Install minification tools (optional)
# RUN npm install -g cssnano-cli terser html-minifier

# Minify assets (uncomment when ready for production)
# RUN cssnano style.css style.min.css
# RUN terser script.js -o script.min.js -c -m
# RUN html-minifier --collapse-whitespace --remove-comments index.html -o index.min.html

# Stage 2: Production Stage
FROM nginx:1.25-alpine

# Install security updates
RUN apk update && \
    apk upgrade && \
    apk add --no-cache \
    ca-certificates \
    tzdata && \
    rm -rf /var/cache/apk/*

# Set timezone
ENV TZ=UTC

# Remove default nginx config and website
RUN rm -rf /etc/nginx/conf.d/default.conf && \
    rm -rf /usr/share/nginx/html/*

# Copy custom nginx configuration
COPY nginx.conf /etc/nginx/nginx.conf
COPY nginx-site.conf /etc/nginx/conf.d/default.conf

# Copy application files from builder stage
COPY --from=builder /app/index.html /usr/share/nginx/html/
COPY --from=builder /app/style.css /usr/share/nginx/html/
COPY --from=builder /app/script.js /usr/share/nginx/html/
COPY --from=builder /app/README.md /usr/share/nginx/html/

# Create non-root user for security
RUN addgroup -g 1001 -S nginx-app && \
    adduser -S -D -H -u 1001 -h /usr/share/nginx/html -s /sbin/nologin -G nginx-app -g nginx-app nginx-app

# Set proper permissions
RUN chown -R nginx-app:nginx-app /usr/share/nginx/html && \
    chown -R nginx-app:nginx-app /var/cache/nginx && \
    chown -R nginx-app:nginx-app /var/log/nginx && \
    chown -R nginx-app:nginx-app /etc/nginx/conf.d && \
    touch /var/run/nginx.pid && \
    chown -R nginx-app:nginx-app /var/run/nginx.pid

# Switch to non-root user
USER nginx-app

# Expose port
EXPOSE 8080

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD wget --quiet --tries=1 --spider http://localhost:8080/ || exit 1

# Labels for metadata
LABEL maintainer="Valentine Experience Team" \
      version="3.0.0" \
      description="Premium Valentine's Day Interactive Experience" \
      org.opencontainers.image.title="Valentine Experience" \
      org.opencontainers.image.description="Corporate-grade Valentine's Day web application" \
      org.opencontainers.image.version="3.0.0" \
      org.opencontainers.image.vendor="Valentine Experience Team"

# Start nginx
CMD ["nginx", "-g", "daemon off;"]