FROM node:20-slim

# OpenSSL for potential native dependencies
RUN apt-get update -y && apt-get install -y openssl && rm -rf /var/lib/apt/lists/*

RUN corepack enable && corepack prepare pnpm@9.0.0 --activate

WORKDIR /app

COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
COPY apps/api/package.json apps/api/
COPY apps/web/package.json apps/web/
COPY apps/ai-service/package.json apps/ai-service/
COPY packages/database/package.json packages/database/
COPY packages/shared/package.json packages/shared/

RUN pnpm install --frozen-lockfile

COPY . .

# These are needed at build time: Next.js inlines NEXT_PUBLIC_* into client bundle
# INTERNAL_API_URL is used for rewrites (avoids conflict with .env's API_URL)
ARG INTERNAL_API_URL=http://api:3125
ARG NEXT_PUBLIC_SUPABASE_URL
ARG NEXT_PUBLIC_SUPABASE_ANON_KEY
ARG NEXT_PUBLIC_APP_URL=http://localhost:3080

ENV INTERNAL_API_URL=${INTERNAL_API_URL}
ENV NEXT_PUBLIC_SUPABASE_URL=${NEXT_PUBLIC_SUPABASE_URL}
ENV NEXT_PUBLIC_SUPABASE_ANON_KEY=${NEXT_PUBLIC_SUPABASE_ANON_KEY}
ENV NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL}

# Remove any .env files that Next.js/turbo might auto-load during build
# (they contain localhost URLs that override Docker env vars)
RUN rm -f .env .env.local .env.production apps/web/.env apps/web/.env.local apps/web/.env.production

# Debug: verify env vars before build
RUN echo "=== Build env: INTERNAL_API_URL=$INTERNAL_API_URL API_URL=$API_URL ==="

RUN pnpm build --filter=@coursecraft/web...

EXPOSE 3080
ENV PORT=3080
WORKDIR /app
CMD ["pnpm", "--filter", "@coursecraft/web", "start"]