FROM node:lts-alpine

# 设置工作目录
# The WORKDIR instruction creates the directory if it doesn't exist
# and sets it as the current working directory.
# By default, it's created by root. We will chown contents later.
WORKDIR /app

# 复制package.json和package-lock.json
# The 'node' user and 'node' group are typically pre-defined in node alpine images with UID/GID 1000
COPY --chown=node:node package*.json ./

# 安装依赖
# Running npm install as root is common to ensure all global and local dependencies are installed correctly.
# The node_modules directory will be owned by root.
# If you need the node_modules to be owned by the node user,
# you could run npm install after USER node, but ensure /app is writable by node.
RUN npm install

# 复制源代码
COPY --chown=node:node . .

# 切换到 "node" 用户
USER node

# 暴露端口
EXPOSE 3000

# 启动命令
CMD ["npm", "start"]