FROM node:23.7.0-alpine

# Install dependencies with versions
RUN apk add --no-cache \
    redis \
    mariadb \
    mariadb-client \
    tmux \
    mariadb-server-utils \
    mariadb-connector-c

# Create non-root user
RUN addgroup -S appgroup && adduser -S appuser -G appgroup

# Setup MariaDB with proper permissions
RUN mkdir -p /run/mysqld /var/lib/mysql /var/log/mysql && \
    chown -R mysql:mysql /run/mysqld && \
    chown -R mysql:mysql /var/lib/mysql && \
    chown -R mysql:mysql /var/log/mysql && \
    chmod 777 /run/mysqld && \
    chmod 777 /var/lib/mysql && \
    chmod 777 /var/log/mysql && \
    mysql_install_db --user=mysql --datadir=/var/lib/mysql && \
    touch /var/log/mysql/error.log && \
    chown mysql:mysql /var/log/mysql/error.log && \
    chmod 666 /var/log/mysql/error.log

WORKDIR /usr/src/app
COPY package*.json ./
COPY start.sh ./start.sh
COPY . .

RUN npm ci --only=production && \
    chmod +x ./start.sh && \
    chown -R appuser:appgroup .

# Grant necessary permissions to appuser
RUN adduser appuser mysql && \
    chmod 755 /var/lib/mysql && \
    mkdir -p /var/log/mysql && \
    chown -R mysql:mysql /var/log/mysql && \
    touch /var/log/mysql/error.log && \
    chown mysql:mysql /var/log/mysql/error.log

# Grant necessary permissions to appuser
RUN adduser appuser mysql && \
# Give full access to mysql directories
chmod -R 777 /var/lib/mysql && \
chmod -R 777 /run/mysqld && \
chmod -R 777 /var/log/mysql

USER appuser

EXPOSE 80 6379 3306

HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD mariadb-admin ping -h localhost || exit 1

CMD ["./start.sh"]