# Multi-stage: build from source in a full development image, then run in a lightweight runtime
FROM photoprism/develop:260309-questing AS builder

# Harden npm usage by default (applies to npm ci / install in dev container)
ENV NPM_CONFIG_IGNORE_SCRIPTS=true

# Set working directory for build
WORKDIR "/go/src/github.com/photoprism/photoprism"

# Copy source
COPY . .
# Copy helper scripts (adjusted to build context path)
COPY --chown=root:root scripts/dist/ /scripts/

# Install additional tooling required by build (yt-dlp and others)
RUN /scripts/install-yt-dlp.sh

# Build the project for production. Bypass git-describe by providing a static BUILD_TAG and BUILD_VERSION
RUN BUILD_TAG=docker-build BUILD_VERSION=dev BUILD_DATE=20250101 make build-prod

# Install built artifacts to a staging directory for runtime
RUN DESTDIR=/build/photoprism make install

# Runtime stage: keep image lean and focused on running photoprism
FROM debian:bookworm-slim

# Minimal runtime environment
ENV NPM_CONFIG_IGNORE_SCRIPTS=true

RUN apt-get update && \
    apt-get install -y --no-install-recommends ca-certificates tzdata ffmpeg && \
    rm -rf /var/lib/apt/lists/*

# Copy built photoprism from builder
COPY --from=builder /build/photoprism /photoprism

# Create a non-root user to run the application
RUN useradd -m -u 1000 photoprism
RUN chown -R photoprism:photoprism /photoprism

USER photoprism
WORKDIR /photoprism

# Expose the default web port
EXPOSE 2342

# Run photoprism in foreground
CMD ["/photoprism/bin/photoprism","start"]