# syntax=docker/dockerfile:1
#
# Self-hosted LiveSync CLI — Docker image
#
# Build (from the repository root):
#   docker build -f src/apps/cli/Dockerfile -t livesync-cli .
#
# Run:
#   docker run --rm -v /path/to/your/vault:/data livesync-cli sync
#   docker run --rm -v /path/to/your/vault:/data livesync-cli ls
#   docker run --rm -v /path/to/your/vault:/data livesync-cli init-settings
#   docker run --rm -v /path/to/your/vault:/data livesync-cli --help
#
# The first positional argument (database-path) is automatically set to /data.
# Mount your vault at /data, or override with: -e LIVESYNC_DB_PATH=/other/path
#
# P2P (WebRTC) networking — important notes
# -----------------------------------------
# The P2P replicator (p2p-host / p2p-sync / p2p-peers) uses WebRTC, which
# generates ICE candidates of three kinds:
#
#   host   — the container's bridge IP (172.17.x.x).  Unreachable from outside
#             the Docker bridge, so LAN peers cannot connect via this candidate.
#   srflx  — the host's public IP, obtained via STUN reflection.  Works fine
#             over the internet even with the default bridge network.
#   relay  — traffic relayed through a TURN server.  Always reachable regardless
#             of network mode.
#
# Recommended network modes per use-case:
#
#   LAN P2P (Linux only)
#     docker run --network host ...
#     This exposes the real host IP as the 'host' candidate so LAN peers can
#     connect directly.  --network host is not available on Docker Desktop for
#     macOS or Windows.
#
#   LAN P2P (macOS / Windows Docker Desktop)
#     Configure a TURN server in settings (P2P_turnServers / P2P_turnUsername /
#     P2P_turnCredential).  All data is then relayed through the TURN server,
#     bypassing the bridge-network limitation.
#
#   Internet P2P
#     Default bridge network is sufficient; the srflx candidate carries the
#     host's public IP and peers can connect normally.
#
#   CouchDB sync only (no P2P)
#     Default bridge network.  No special configuration required.

# ─────────────────────────────────────────────────────────────────────────────
#  Stage 1 — builder
#  Full Node.js environment to compile native modules and bundle the CLI.
# ─────────────────────────────────────────────────────────────────────────────
FROM node:22-slim AS builder

# Build tools required by native Node.js addons (mainly leveldown)
RUN apt-get update \
    && apt-get install -y --no-install-recommends python3 make g++ \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /build

# Install workspace dependencies first (layer-cache friendly)
COPY package.json ./
RUN npm install

# Copy the full source tree and build the CLI bundle
COPY . .
RUN cd src/apps/cli && npm run build

# ─────────────────────────────────────────────────────────────────────────────
#  Stage 2 — runtime-deps
#  Install only the external (unbundled) packages that the CLI requires at
#  runtime.  Native addons are compiled here against the same base image that
#  the final runtime stage uses.
# ─────────────────────────────────────────────────────────────────────────────
FROM node:22-slim AS runtime-deps

# Build tools required to compile native addons
RUN apt-get update \
    && apt-get install -y --no-install-recommends python3 make g++ \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /deps

# runtime-package.json lists only the packages that Vite leaves external
COPY src/apps/cli/runtime-package.json ./package.json
RUN npm install --omit=dev

# ─────────────────────────────────────────────────────────────────────────────
#  Stage 3 — runtime
#  Minimal image: pre-compiled native modules + CLI bundle only.
#  No build tools are included, keeping the image small.
# ─────────────────────────────────────────────────────────────────────────────
FROM node:22-slim

WORKDIR /app

# Copy pre-compiled external node_modules from runtime-deps stage
COPY --from=runtime-deps /deps/node_modules ./node_modules

# Copy the built CLI bundle from builder stage
COPY --from=builder /build/src/apps/cli/dist ./dist

# Install entrypoint wrapper
COPY src/apps/cli/docker-entrypoint.sh /usr/local/bin/livesync-cli
RUN chmod +x /usr/local/bin/livesync-cli

# Mount your vault / local database directory here
VOLUME ["/data"]

ENTRYPOINT ["livesync-cli"]
