FROM node:23.7.0-alpine

# Install dependencies with versions
RUN apk add --no-cache \
    redis \
    mariadb \
    mariadb-client \
    tmux

# Create non-root user
RUN addgroup -S appgroup && adduser -S appuser -G appgroup

# Setup MariaDB
RUN mkdir -p /run/mysqld /var/lib/mysql && \
    chown -R mysql:mysql /run/mysqld && \
    chown -R mysql:mysql /var/lib/mysql && \
    mariadb-install-db --user=mysql --datadir=/var/lib/mysql && \
    chmod 777 /run/mysqld

WORKDIR /usr/src/app
COPY package*.json ./
COPY docker-start.sh ./start.sh
COPY . .

RUN npm ci --only=production && \
    chmod +x ./start.sh && \
    chown -R appuser:appgroup .

# Grant necessary permissions to appuser
RUN adduser appuser mysql && \
    chmod 777 /var/lib/mysql

USER appuser

EXPOSE 80 6379 3306

HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD mariadb-admin ping -h localhost || exit 1

CMD ["./start.sh"]