# Workweaver Dashboard - Static Web Application
# ARM64-optimized for M1/M2 Mac and AWS Graviton
# Serves static HTML/CSS/JS assets via nginx

FROM nginx:alpine@sha256:f46cb72c7df02710e693e863a983ac42f6a9579058a59a35f1ae36c9958e4ce0

LABEL maintainer="workweaver-prod"
LABEL description="Workweaver dashboard - admin UI"

# Build arguments for security scanning
ARG SCAN_BUILD_DATE
ARG SCAN_VCS_REF

# Set labels for security metadata
LABEL org.opencontainers.image.created="${SCAN_BUILD_DATE}"
LABEL org.opencontainers.image.revision="${SCAN_VCS_REF}"
LABEL org.opencontainers.image.title="Workweaver Dashboard"

# Install curl for health check
RUN apk add --no-cache curl && rm -rf /var/cache/apk/*

# Remove default nginx static assets
RUN rm -rf /usr/share/nginx/html/*

# Copy dashboard static files from the dashboard build context.
# Note: archived pre-runtime HTML snapshots live under legacy/ and are not part
# of the active nginx runtime image.
COPY index.html manifest.webmanifest sw.js /usr/share/nginx/html/
COPY components/ /usr/share/nginx/html/components/
COPY admin/ /usr/share/nginx/html/admin/
COPY design-system/ /usr/share/nginx/html/design-system/
COPY js/ /usr/share/nginx/html/js/
COPY onboarding/ /usr/share/nginx/html/onboarding/
COPY runtime/ /usr/share/nginx/html/runtime/
COPY utils/ /usr/share/nginx/html/utils/
COPY nginx/default.conf /etc/nginx/conf.d/default.conf

# Copy custom nginx config for single-page app routing
# Expose port 80
EXPOSE 80

# Health check - check nginx is responding (200 or 3xx redirects are OK)
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
    CMD curl -s -o /dev/null -w "%{http_code}" http://localhost/ | grep -qE "^(200|301|302|307|308)$" || exit 1

# nginx runs in foreground
CMD ["nginx", "-g", "daemon off;"]
