FROM node:23.7.0-alpine

# Install dependencies and setup environment in a single layer
RUN npm install -g npm@11.1.0 && \
    apk add --no-cache \
        redis \
        mariadb \
        mariadb-client \
        tmux \
        mariadb-server-utils \
        mariadb-connector-c && \
    # Create non-root user and groups
    addgroup -S appgroup && \
    adduser -S appuser -G appgroup && \
    adduser appuser mysql && \
    # Setup MariaDB directories and permissions
    mkdir -p /run/mysqld /var/lib/mysql /var/log/mysql && \
    chown -R mysql:mysql /run/mysqld /var/lib/mysql /var/log/mysql && \
    chmod 755 /run/mysqld /var/lib/mysql /var/log/mysql && \
    mysql_install_db --user=mysql --datadir=/var/lib/mysql && \
    touch /var/log/mysql/error.log && \
    chown mysql:mysql /var/log/mysql/error.log && \
    chmod 644 /var/log/mysql/error.log

WORKDIR /usr/src/app

# Copy application files
COPY package*.json ./
COPY start.sh ./start.sh
COPY . .

# Setup application permissions
RUN npm ci --only=production && \
    chmod +x ./start.sh && \
    chown -R appuser:appgroup .

USER appuser

EXPOSE 80 6379 3306

HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD mariadb-admin ping -h localhost || exit 1

CMD ["./start.sh"]