# Workweaver Dashboard - Static Web Application
# ARM64-optimized for M1/M2 Mac and AWS Graviton
# Serves static HTML/CSS/JS assets via nginx

FROM nginx:alpine@sha256:f46cb72c7df02710e693e863a983ac42f6a9579058a59a35f1ae36c9958e4ce0

LABEL maintainer="workweaver-prod"
LABEL description="Workweaver dashboard - admin UI"

# Build arguments for security scanning
ARG SCAN_BUILD_DATE
ARG SCAN_VCS_REF

# Set labels for security metadata
LABEL org.opencontainers.image.created="${SCAN_BUILD_DATE}"
LABEL org.opencontainers.image.revision="${SCAN_VCS_REF}"
LABEL org.opencontainers.image.title="Workweaver Dashboard"

# Install curl for health check
RUN apk add --no-cache curl && rm -rf /var/cache/apk/*

# Remove default nginx static assets
RUN rm -rf /usr/share/nginx/html/*

# Copy dashboard static files. Build context is the repo root (set in
# docker-compose.complete.yml) so the Dockerfile can also reach apps/shared/,
# which is needed to materialize the zara-experience symlinks below.
# Note: archived pre-runtime HTML snapshots live under apps/dashboard/legacy/
# and are not part of the active nginx runtime image.
COPY apps/dashboard/index.html apps/dashboard/manifest.webmanifest apps/dashboard/sw.js /usr/share/nginx/html/
COPY apps/dashboard/components/ /usr/share/nginx/html/components/
COPY apps/dashboard/admin/ /usr/share/nginx/html/admin/
COPY apps/dashboard/design-system/ /usr/share/nginx/html/design-system/
COPY apps/dashboard/css/ /usr/share/nginx/html/css/
COPY apps/dashboard/js/ /usr/share/nginx/html/js/
COPY apps/dashboard/onboarding/ /usr/share/nginx/html/onboarding/
COPY apps/dashboard/runtime/ /usr/share/nginx/html/runtime/
COPY apps/dashboard/utils/ /usr/share/nginx/html/utils/

# Materialize zara-experience assets that live in apps/shared/ but are
# referenced from apps/dashboard/components/zara-experience/ via relative
# symlinks (widget.js, widget.css, components/plan-card.js). The COPY of
# components/ above brings the symlinks along as symlinks; if we COPY the
# real file onto a symlinked destination, Docker writes through the symlink
# (to a path outside the docroot) instead of replacing it. Remove the
# symlinks first, then COPY the real files into the now-empty paths.
RUN rm -f /usr/share/nginx/html/components/zara-experience/widget.js \
          /usr/share/nginx/html/components/zara-experience/widget.css \
          /usr/share/nginx/html/components/zara-experience/components/plan-card.js
COPY apps/shared/zara-experience/widget.js /usr/share/nginx/html/components/zara-experience/widget.js
COPY apps/shared/zara-experience/widget.css /usr/share/nginx/html/components/zara-experience/widget.css
COPY apps/shared/zara-experience/components/plan-card.js /usr/share/nginx/html/components/zara-experience/components/plan-card.js

COPY apps/dashboard/nginx/default.conf /etc/nginx/conf.d/default.conf

# Copy custom nginx config for single-page app routing
# Expose port 80
EXPOSE 80

# Health check - check nginx is responding (200 or 3xx redirects are OK)
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
    CMD curl -s -o /dev/null -w "%{http_code}" http://localhost/ | grep -qE "^(200|301|302|307|308)$" || exit 1

# nginx runs in foreground
CMD ["nginx", "-g", "daemon off;"]
