# syntax=docker/dockerfile:1

# Frontend: runs natively on build host
FROM --platform=$BUILDPLATFORM node:22-alpine AS frontend
ARG REGISTRY_TOKEN
WORKDIR /ui
COPY ui/package.json ui/package-lock.json ui/.npmrc ./
RUN --mount=type=cache,target=/root/.npm echo "//gitea.siegeln.net/api/packages/cameleer/npm/:_authToken=${REGISTRY_TOKEN}" >> .npmrc && npm ci
COPY ui/ .
RUN npm run build

# Maven build: runs natively on build host (no QEMU emulation)
FROM --platform=$BUILDPLATFORM eclipse-temurin:21-jdk-alpine AS build
WORKDIR /build
COPY .mvn/ .mvn/
COPY mvnw pom.xml ./
# Cache deps — BuildKit cache mount persists across --no-cache builds
RUN --mount=type=cache,target=/root/.m2/repository ./mvnw dependency:go-offline -U -B || true
COPY src/ src/
COPY --from=frontend /ui/dist/ src/main/resources/static/
RUN --mount=type=cache,target=/root/.m2/repository ./mvnw package -DskipTests -U -B

# Runtime: BellSoft Liberica JRE 21 on Alpaquita Linux (glibc, minimal, 199 MB)
FROM bellsoft/liberica-runtime-container:jre-21-slim-glibc
WORKDIR /app
RUN mkdir -p /data/jars && chown -R nobody:nobody /data /app
COPY --chown=nobody:nobody --from=build /build/target/*.jar app.jar
USER nobody
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"]