# syntax=docker/dockerfile:1

# Builder stage: build Zen Desktop from source using Node.js and Surfer
FROM node:20-bullseye-slim AS builder

WORKDIR /workspace

# Install build dependencies (Node, Python, compilers, git, etc.)
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
      git \
      python3 \
      python3-pip \
      build-essential \
      ca-certificates \
      curl \
      && rm -rf /var/lib/apt/lists/*

# Install Surfer CLI (used to build the project)
RUN npm i -g @zen-browser/surfer

# Copy manifests first to leverage cached layers (but also copy package.json for npm install)
COPY package.json ./

# Install Node.js dependencies (use npm install to support absence of package-lock.json)
RUN npm install

# Copy all source files
COPY . .

# Ensure Mach is executable if present (some environments may not preserve executable bits)
RUN [ -f engine/mach ] && chmod +x engine/mach || true

# Build the project from source
RUN npm run build

# Runtime stage: provide a lean runtime that can run the built app
FROM node:20-bullseye-slim AS runtime

# Create non-root user for security
RUN groupadd -r zen && useradd -r -g zen -d /home/zen -m zen

# Install runtime libraries that the built app may depend on
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
      ca-certificates \
      libx11-6 \
      libxext6 \
      libnss3 \
      libatk1.0-0 \
      libasound2 \
      libgbm1 \
      fonts-noto-color-emoji \
      && rm -rf /var/lib/apt/lists/*

# Switch to zen user for runtime execution
USER zen
WORKDIR /app

# Copy the built artifacts from the builder
COPY --from=builder /workspace /app

# Start the Zen Desktop app using the engine/mach script (best-effort: may be GUI app requires X11)
CMD ["bash","-lc","cd /app && ls -la engine && echo READY && python3 engine/mach --version || true"]