# ---------- Frontend ----------
FROM node:20-alpine AS fe
WORKDIR /src/frontend
COPY frontend/ ./
RUN npm ci && npm run build

# ---------- Backend ----------
FROM golang:1.22-alpine AS be
RUN apk add --no-cache ca-certificates upx
WORKDIR /src
COPY backend/ ./backend/
# copy built frontend assets into backend/web/dist for embedding
COPY --from=fe /src/frontend/dist ./backend/web/dist
WORKDIR /src/backend
RUN go mod download
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o /out/pegasus .
RUN upx -q /out/pegasus || true

# ---------- Runtime ----------
FROM gcr.io/distroless/static:nonroot
WORKDIR /
COPY --from=be /out/pegasus /pegasus
USER nonroot:nonroot
EXPOSE 8080
ENTRYPOINT ["/pegasus"]