FROM node:18-alpine

LABEL maintainer="tankwar-team"
LABEL description="Content Security Microservice for UGC moderation"

WORKDIR /app

# Copy package files and install dependencies
COPY package.json package-lock.json* ./
RUN npm install --omit=dev --no-audit --no-fund && \
    npm cache clean --force

# Copy service code
COPY index.js ./
COPY services/ ./services/

# Expose HTTP port
EXPOSE 3000

# Environment defaults
ENV NODE_ENV=production \
    HOST=0.0.0.0 \
    PORT=3000

# Graceful shutdown & init for PID 1
RUN apk add --no-cache tini
ENTRYPOINT ["/sbin/tini", "--"]

# Health check
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
  CMD wget -qO- http://localhost:3000/api/health || exit 1

CMD ["node", "index.js"]
