# Stage 1: Dependencies
FROM node:18-alpine AS deps
WORKDIR /app

# 安装 pnpm
RUN npm install -g pnpm

# 安装 bash 和其他必要的工具
RUN apk add --no-cache libc6-compat bash

# 复制 package.json 和 pnpm-lock.yaml(如果有的话)
COPY package.json pnpm-lock.yaml* ./

# 安装依赖
RUN pnpm install --frozen-lockfile

# Stage 2: Builder
FROM node:18-alpine AS builder
WORKDIR /app

# 安装 pnpm 和 bash
RUN npm install -g pnpm
RUN apk add --no-cache bash

# 复制所有文件
COPY . .

# 复制 node_modules
COPY --from=deps /app/node_modules ./node_modules

# 构建应用
RUN pnpm build

# Stage 3: Runner
FROM node:18-alpine AS runner
WORKDIR /app

ENV NODE_ENV production

# 安装 bash
RUN apk add --no-cache bash 

# 创建非 root 用户
# RUN addgroup --system --gid 1001 nodejs
# RUN adduser --system --uid 1001 nextjs

# 创建非 root 用户和组
RUN addgroup -S -g 1001 nodejs && adduser -S -u 1001 -G nodejs nextjs

# 复制必要文件
COPY --from=builder /app/public ./public
COPY --from=builder --chown=nextjs:nodejs /app/.next ./.next
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./package.json

# 设置权限
RUN mkdir -p /app/public/uploads
RUN chown -R nextjs:nodejs /app/public
RUN chown -R nextjs:nodejs /app/public/uploads
# RUN chmod 2775 /app/public/uploads

# RUN usermod -a -G nodejs nextjs

# 临时提升权限以允许写入上传目录
USER root
RUN chmod 777 /app/public/uploads

# 设置 umask
# RUN echo "umask 0002" >> /home/nextjs/.bashrc

# 设置为非 root 用户
USER nextjs

# 暴露端口
EXPOSE 3000

ENV PORT 3000

# 使用 bash 启动应用
CMD ["/bin/bash", "-c", "node_modules/.bin/next start"]