# =============================================================================
# Build Stage
# =============================================================================
FROM node:20-alpine AS builder

WORKDIR /app

# Install dependencies first (better layer caching)
COPY package*.json ./
RUN npm ci

# Copy source and build
COPY tsconfig.json ./
COPY src ./src
RUN npm run build

# Prune dev dependencies
RUN npm prune --production

# =============================================================================
# Production Stage
# =============================================================================
FROM node:20-alpine AS production

# Security: run as non-root user
RUN addgroup -g 1001 -S nodejs && \
    adduser -S newsletter -u 1001

WORKDIR /app

# Copy built application
COPY --from=builder --chown=newsletter:nodejs /app/node_modules ./node_modules
COPY --from=builder --chown=newsletter:nodejs /app/dist ./dist
COPY --from=builder --chown=newsletter:nodejs /app/package.json ./

USER newsletter

# Set timezone (can be overridden via env)
ENV TZ=Europe/Warsaw

# Default command
CMD ["node", "dist/index.js"]