Vector/apps/api/Dockerfile

# syntax=docker/dockerfile:1.7

# ---------- build ----------
FROM node:22-alpine AS build
RUN apk add --no-cache openssl
RUN corepack enable && corepack prepare pnpm@10.33.0 --activate
WORKDIR /repo

# Manifests first for cache-friendly installs.
COPY pnpm-workspace.yaml pnpm-lock.yaml package.json ./
COPY apps/api/package.json        ./apps/api/
COPY apps/web/package.json        ./apps/web/
COPY apps/e2e/package.json        ./apps/e2e/
COPY packages/db/package.json     ./packages/db/
COPY packages/shared/package.json ./packages/shared/
COPY packages/ui/package.json     ./packages/ui/
COPY packages/config/package.json ./packages/config/
RUN pnpm install --frozen-lockfile

COPY . .

RUN pnpm -C packages/db     exec prisma generate \
 && pnpm -C packages/shared build \
 && pnpm -C packages/db     build \
 && pnpm -C apps/api        build

# Point workspace package.json "main/exports" at compiled JS so Node
# (ESM) resolves dist/ at runtime instead of the original .ts sources.
RUN for p in packages/db packages/shared; do \
      node -e "const fs=require('fs');const j=JSON.parse(fs.readFileSync('$p/package.json'));j.main='./dist/index.js';j.types='./dist/index.d.ts';j.exports={'.':{types:'./dist/index.d.ts',default:'./dist/index.js'}};fs.writeFileSync('$p/package.json',JSON.stringify(j,null,2));" ; \
    done

# ---------- runtime ----------
FROM node:22-alpine
RUN apk add --no-cache openssl wget
RUN corepack enable && corepack prepare pnpm@10.33.0 --activate
WORKDIR /app

COPY --from=build /repo /app

ENV NODE_ENV=production
ENV PORT=3001
EXPOSE 3001

HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 \
  CMD wget -qO- http://localhost:3001/healthz || exit 1

WORKDIR /app/apps/api
# Apply migrations → seed default admin on empty DB → start API.
# Override the default admin credentials via SEED_ADMIN_{USERNAME,PASSWORD,EMAIL}.
CMD ["sh", "-c", "pnpm -C ../../packages/db exec prisma migrate deploy && node ../../packages/db/ensure-admin.mjs && node dist/index.js"]