# Build context = poc/sf-native-spcs/src
# ---- build the React/MapLibre frontend (uses @vianova/ui from the GitLab registry) ----
FROM node:20-slim AS frontend
WORKDIR /fe
COPY frontend/package.json frontend/.npmrc ./
# Inject the GitLab read_api token only for `npm install`, via a BuildKit secret.
# Written to .npmrc and overwritten in the SAME layer → token never persists.
RUN --mount=type=secret,id=gitlab_npm_token \
    T="$(cat /run/secrets/gitlab_npm_token)" && \
    { echo "@vianova:registry=https://gitlab.com/api/v4/packages/npm/"; \
      echo "//gitlab.com/api/v4/packages/npm/:_authToken=${T}"; \
      echo "//gitlab.com/api/v4/projects/16624474/packages/npm/:_authToken=${T}"; } > .npmrc && \
    npm install && \
    echo "@vianova:registry=https://gitlab.com/api/v4/packages/npm/" > .npmrc
COPY frontend/ ./
RUN npm run build                 # → /fe/dist

# ---- backend image: FastAPI serving the API + the built frontend ----
FROM python:3.12-slim
WORKDIR /app
COPY backend/requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt
COPY backend/ ./
COPY --from=frontend /fe/dist ./static
EXPOSE 8000
CMD ["python", "main.py"]
