FROM node:12-bullseye-slim

# Install essential system dependencies for building native modules
RUN apt-get update && \
    apt-get install -y --no-install-recommends git ca-certificates python3 build-essential && \
    rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Copy package manifests first to leverage npm ci caching
COPY package.json package-lock.json ./

RUN npm ci

# Copy the rest of the source code
COPY . .

# Build the project from source
RUN npm run build

# Create a non-root user for running the app
RUN useradd -m -s /bin/sh app
RUN chown -R app:app /app

USER app

WORKDIR /app

# Expose nothing by default; container will run a shell for inspection
CMD ["/bin/sh"]