# KollectAI CI - Frontend Builder Image
#
# Pre-baked build environment for SvelteKit frontend CI jobs and
# protobuf TypeScript code generation.
# Contains: Node.js, pnpm, buf CLI, @bufbuild/protoc-gen-es plugin
# (global so buf 'local: protoc-gen-es' resolves via PATH), Playwright
# system deps, ORAS CLI, common build tools.
#
# Build:
#   docker build -t 192.168.1.72/kollect-tools/ci/frontend-builder:latest ci/frontend-builder/
#
# Usage in CI:
#   container:
#     image: 192.168.1.72/kollect-tools/ci/frontend-builder:latest

ARG NODE_MAJOR=24
FROM node:${NODE_MAJOR}-bookworm-slim

ARG PNPM_VERSION=10.15.0
ARG BUF_VERSION=1.55.0
# Pin protoc-gen-es to a known-good version. The KollectAI-ETL CI
# workflow doesn't actually use this global install (it does
# `pnpm install` from proto/ to pick up the lockfile-pinned version)
# but we still bake it for ad-hoc use inside the container.
ARG PROTOC_GEN_ES_VERSION=2.12.0
ARG ORAS_VERSION=1.2.2

# ─────────────────────────────────────────────────────────────────────
# System dependencies
#
# The Playwright system libs (libnss3 ... libasound2) are pre-installed
# so test-e2e jobs can skip `playwright install --with-deps` and just
# run `playwright install chromium` (browser binary still cached at
# ~/.cache/ms-playwright in CI). Saves ~30s per E2E run.
# ─────────────────────────────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        git \
        jq \
        unzip \
        # Playwright chromium runtime libs
        libasound2 \
        libatk1.0-0 \
        libatk-bridge2.0-0 \
        libcups2 \
        libdbus-1-3 \
        libdrm2 \
        libgbm1 \
        libnspr4 \
        libnss3 \
        libxcomposite1 \
        libxdamage1 \
        libxfixes3 \
        libxkbcommon0 \
        libxrandr2 \
    && rm -rf /var/lib/apt/lists/*

# ─────────────────────────────────────────────────────────────────────
# pnpm via corepack (ships with Node.js)
# ─────────────────────────────────────────────────────────────────────
RUN corepack enable \
    && corepack prepare "pnpm@${PNPM_VERSION}" --activate

# ─────────────────────────────────────────────────────────────────────
# buf CLI - single static binary, used for `buf lint` and `buf generate`
# ─────────────────────────────────────────────────────────────────────
RUN curl -fsSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION}/buf-Linux-x86_64" \
        -o /usr/local/bin/buf \
    && chmod +x /usr/local/bin/buf

# ─────────────────────────────────────────────────────────────────────
# protoc-gen-es - TypeScript codegen plugin for buf 'local:' references.
# Installed globally so it lands on PATH; buf v2 resolves
# `local: protoc-gen-es` via PATH lookup.
# ─────────────────────────────────────────────────────────────────────
RUN npm install -g "@bufbuild/protoc-gen-es@${PROTOC_GEN_ES_VERSION}"

# ─────────────────────────────────────────────────────────────────────
# ORAS CLI - for uploading artifacts (test reports, audit logs) to Harbor
# ─────────────────────────────────────────────────────────────────────
RUN curl -fsSL "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" \
    | tar -xz -C /usr/local/bin oras

WORKDIR /workspace

# Verify installation
RUN node --version \
    && pnpm --version \
    && buf --version \
    && protoc-gen-es --version \
    && oras version \
    && jq --version