# Stage 1 – Build Flutter web
FROM ghcr.io/cirruslabs/flutter:stable AS builder

WORKDIR /app

RUN useradd -m -u 10001 flutteruser
RUN chown -R flutteruser:flutteruser /sdks/flutter/bin/cache

COPY --chown=flutteruser:flutteruser pubspec.yaml pubspec.lock* ./
USER flutteruser
RUN git config --global --add safe.directory /sdks/flutter
RUN flutter pub get

COPY --chown=flutteruser:flutteruser . .

# Inject API base URL at build time via --dart-define.
# Default to same-origin /api to avoid mixed-content in HTTPS deployments.
ARG API_BASE_URL=/api
RUN flutter build web --release \
    --dart-define=API_BASE_URL=${API_BASE_URL}

# Stage 2 – Serve with Caddy
FROM caddy:alpine AS runner

ARG PORT=5000
ENV PORT=${PORT}

COPY --from=builder /app/build/web /usr/share/caddy
COPY Caddyfile /etc/caddy/Caddyfile

EXPOSE ${PORT}
CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
