# syntax=docker/dockerfile:1

# ─── Stage 1: build static site (Astro SSG) ────────────────────────────────
# Build stage: installs the locked dependency set and builds the static site.
# Stage 2 copies only /app/dist out of this stage.
# NOTE(review): the base image is referenced by tag only; pinning it by digest
# would stop the toolchain from changing underneath the same tag.
FROM node:22-alpine AS build
WORKDIR /app

# Manifests are copied before the sources so the dependency layer is reused
# until package.json or package-lock.json changes.
COPY package.json package-lock.json ./
# npm ci installs what package-lock.json records instead of re-resolving ranges.
RUN npm ci

# Security: npm audit for HIGH/CRITICAL CVEs in dependencies (warning-only).
# --omit=dev leaves dev dependencies out of the report.
# The step cannot fail the build: no SHELL instruction enables pipefail, so the
# pipeline's status is tee's, and `|| true` masks whatever is left.
# The log lands in /tmp of this stage; nothing in this file copies it into the
# runtime image, so findings are visible only in the build output.
# NOTE(review): if a blocking gate is wanted, it has to be enforced elsewhere
# (e.g. in CI), because this step always succeeds.
RUN npm audit --audit-level=high --omit=dev 2>&1 | tee /tmp/npm-audit.log || true

# NOTE(review): this copies the whole build context into the stage; presumably a
# .dockerignore keeps .git, node_modules and local .env files out — confirm.
COPY . .
# Runs the project's "build" script from package.json.
RUN npm run build

# ─── Stage 2: nginx runtime ─────────────────────────────────────────────────
# Runtime stage: only the generated files and the nginx site config are copied
# in; Node.js, node_modules and the sources stay behind in the build stage.
# NOTE(review): the base image is referenced by tag only, not by digest.
FROM nginx:1.29-alpine

# Empty the web root first so only the built site is served.
RUN rm -rf /usr/share/nginx/html/*
COPY --from=build /app/dist /usr/share/nginx/html
# Overwrites conf.d/default.conf with the project's own config. nginx.conf comes
# from the build context and is not visible here, so response headers, listen
# directives and server_tokens have to be reviewed in that file.
COPY nginx.conf /etc/nginx/conf.d/default.conf

# EXPOSE is documentation only; it does not publish the port.
# NOTE(review): this stage has no USER instruction, so the container starts as
# the base image's default user (presumably root for this image — confirm).
# Running unprivileged would also need a matching listen port in nginx.conf.
EXPOSE 80

# Loopback probe every 30s; three consecutive failures mark the container
# unhealthy. --spider checks the response without saving a body.
# Assumes the base image provides wget (BusyBox on Alpine) — confirm.
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
  CMD wget -q --spider http://127.0.0.1/ || exit 1
