FROM node:20.12.2-slim

ENV NODE_ENV=production

# Install Chrome and dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates wget gnupg xvfb fonts-liberation \
    && wget -qO- https://dl.google.com/linux/linux_signing_key.pub \
    | gpg --dearmor -o /usr/share/keyrings/google-linux-signing-keyring.gpg \
    && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-linux-signing-keyring.gpg] https://dl.google.com/linux/chrome/deb/ stable main" \
    > /etc/apt/sources.list.d/google-chrome.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends google-chrome-stable \
    && apt-get purge -y --auto-remove wget gnupg \
    && rm -rf /var/lib/apt/lists/*

RUN corepack enable

# Create a non-root user for running the app
RUN useradd --create-home --home-dir /app --shell /bin/sh appuser

# Set working directory
WORKDIR /app

# Entrypoint script
COPY docker-entrypoint.sh /usr/local/bin/
RUN chmod 755 /usr/local/bin/docker-entrypoint.sh

# Copy and install dependencies
COPY --chown=appuser:appuser package.json pnpm-lock.yaml ./
USER appuser
RUN corepack prepare pnpm@9.0.0 --activate \
    && pnpm install --frozen-lockfile --prod \
    && pnpm store prune

# Copy app code
COPY --chown=appuser:appuser . .

# Expose port (match your app's port)
EXPOSE 10000

# Start Xvfb and run the bot
CMD ["/usr/local/bin/docker-entrypoint.sh"]