# Build the public Fides client image(s): currently just
# `ethyca/fides-privacy-center`.
#
# Invoked from CI via `nox -s "push_fides_client(privacy_center, ...)"`
# (see `noxfiles/fides_publish_nox.py`). Build context is the repo root.

###################
## Frontend Base ##
###################
FROM node:24-alpine AS frontend

RUN apk add --no-cache libc6-compat

WORKDIR /fidesplus/clients

# Copy workspace manifests first so the `npm ci` layer caches on
# package-lock.json contents independent of source churn.
COPY clients/package.json clients/package-lock.json ./
COPY clients/fides-js/package.json ./fides-js/package.json
COPY clients/fidesui/package.json ./fidesui/package.json
COPY clients/admin-ui/package.json ./admin-ui/package.json
COPY clients/privacy-center/package.json ./privacy-center/package.json

RUN --mount=type=cache,target=/root/.npm \
    npm ci

COPY clients/ .

####################
## Built Frontend ##
####################
FROM frontend AS built_frontend

# IS_TEST enables test IDs in fides-js
ARG IS_TEST=false
ENV IS_TEST=$IS_TEST

# Stamp the version.json that clients/build-utils.js (and the fides-js
# rollup build) read. In the pre-monorepo layout this was copied from
# a backend Docker stage; we receive the version directly as a build
# arg from the nox `push_fides_client` session.
ARG FIDES_VERSION=0.0.0+docker
RUN echo "{\"version\": \"${FIDES_VERSION}\"}" > ./version.json

# turbo will build any workspace dependencies (fides-js, fidesui) along
# the way via the privacy-center dependency graph.
RUN --mount=type=cache,target=/fidesplus/clients/node_modules/.cache \
    --mount=type=cache,target=/fidesplus/clients/privacy-center/.next/cache \
    npm run build-privacy-center

###############################
## Production Privacy Center ##
###############################
FROM node:24-alpine AS prod_pc

WORKDIR /fidesplus/clients

ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1

RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs
USER nextjs

COPY --from=built_frontend --chown=nextjs:nodejs /fidesplus/clients .
WORKDIR /fidesplus/clients/privacy-center

EXPOSE 3000

CMD ["npm", "run", "start"]
