# ============================================
# Vue 前端 Dockerfile (多阶段构建)
# 安全加固: 排除源码和配置文件
# ============================================

# 阶段 1: 构建
FROM node:18-alpine AS builder

WORKDIR /app

# 复制 package 文件并安装依赖
COPY frontend/package*.json ./
RUN npm ci

# 复制源代码并构建
COPY frontend/ ./
RUN npm run build

# 阶段 2: 运行 (Nginx)
FROM nginx:alpine

# 安装必要的工具
RUN apk add --no-cache curl

# 复制 Nginx 配置
COPY cicd-workflow/assets/nginx.conf /etc/nginx/conf.d/default.conf

# 复制构建好的前端文件（只复制 dist 内容）
COPY --from=builder /app/dist /usr/share/nginx/html

# 安全加固: 验证并删除可能存在的源码和配置文件
RUN find /usr/share/nginx/html -type f \( \
    -name "*.vue" -o \
    -name "*.config.js" -o \
    -name "*.config.ts" -o \
    -name "*.config.mjs" -o \
    -name "*.config.cjs" -o \
    -name "*.config.json" -o \
    -name "vite.config.*" -o \
    -name "webpack.config.*" -o \
    -name "babel.config.*" -o \
    -name "tailwind.config.*" -o \
    -name "postcss.config.*" -o \
    -name "eslint.config.*" -o \
    -name ".eslintrc.*" -o \
    -name ".prettierrc.*" -o \
    -name "*.map" \
    \) -delete && \
    echo "Security check: removed source and config files"

# 验证静态资源目录内容
RUN echo "=== Final static files ===" && \
    find /usr/share/nginx/html -type f | head -20

# 暴露端口
EXPOSE 80

# 健康检查
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
    CMD curl -f http://localhost/ || exit 1

# 启动 Nginx
CMD ["nginx", "-g", "daemon off;"]
