# syntax=docker/dockerfile:1.7

# ---- builder ----
FROM node:25-alpine AS builder

ENV ASTRO_TELEMETRY_DISABLED=1 \
    NODE_ENV=production \
    CI=true

WORKDIR /app

# Install deps in their own layer for better caching.
COPY package.json package-lock.json ./
RUN --mount=type=cache,target=/root/.npm \
    npm ci --include=dev

# Copy the rest of the source and build.
COPY . .
RUN npm run build

# ---- runtime ----
FROM caddy:2-alpine AS runtime

# Run as non-root.
RUN addgroup -S docs && adduser -S -G docs docs

WORKDIR /srv

COPY --from=builder /app/dist /srv
COPY Caddyfile /etc/caddy/Caddyfile

# caddy:2-alpine ships with a sane default user model; keep ports unprivileged.
EXPOSE 80

USER docs

CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]