FROM node:20-alpine

WORKDIR /app

# Install OpenSSL for certificate generation
RUN apk add --no-cache openssl

COPY package*.json ./
RUN npm install --production

COPY *.js ./
COPY routes/ ./routes/
COPY openapi.yaml ./

# Note: Running as root because container needs Docker socket access
# (which is root-equivalent anyway). Socket access required for container management.

EXPOSE 3001

STOPSIGNAL SIGTERM

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
  CMD node -e "require('http').get('http://localhost:3001/health', (r) => { process.exit(r.statusCode === 200 ? 0 : 1); }).on('error', () => process.exit(1))"

CMD ["node", "server.js"]