FROM node:20-slim AS builder

USER root

RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*

WORKDIR /app

RUN git clone https://github.com/CorentinTh/enclosed

WORKDIR /app/enclosed

RUN npm install -g pnpm --ignore-scripts && \
    pnpm install --frozen-lockfile --ignore-scripts

RUN pnpm --filter @enclosed/crypto run build && \
    pnpm --filter @enclosed/lib run build && \
    pnpm --filter @enclosed/app-client run build && \
    pnpm --filter @enclosed/app-server run build:node

FROM node:20-slim

RUN apt-get update && apt-get install -y \
    git \
    git-lfs \
    bash \
    curl \
    wget \
    procps && rm -rf /var/lib/apt/lists/*

WORKDIR /app

RUN chown -R 1000 /app
COPY --chown=1000 sync-notes.js ./
COPY --chown=1000 ecosystem.config.js ./

RUN npm install -g pm2 && \
    npm install node-cron

COPY --from=builder /app/enclosed/packages/app-client/dist ./public
COPY --from=builder /app/enclosed/packages/app-server/dist-node/index.cjs ./index.cjs

RUN --mount=type=secret,id=DATA_REPO,mode=0444,required=true \
    git clone $(cat /run/secrets/DATA_REPO) ./.data

WORKDIR /app/.data

RUN --mount=type=secret,id=GIT_USERNAME,mode=0444,required=true \
    git config user.name $(cat /run/secrets/GIT_USERNAME)
    
RUN --mount=type=secret,id=GIT_EMAIL,mode=0444,required=true \
    git config user.email $(cat /run/secrets/GIT_EMAIL)

WORKDIR /app

RUN chown -R 1000 /app/.data
RUN chmod 777 /app/.data

USER 1000

EXPOSE 8787

CMD ["/bin/sh", "-c", "cd .data; git pull; cd ..; pm2-runtime ecosystem.config.js"]