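# KollectAI CI - Frontend Builder Image
#
# Pre-baked build environment for SvelteKit frontend CI jobs and
# protobuf TypeScript code generation.
# Contains: Node.js, pnpm, buf CLI, @bufbuild/protoc-gen-es plugin
# (global so buf 'local: protoc-gen-es' resolves via PATH), Playwright
# (chromium browser binary + system deps), ORAS CLI, common build tools.
#
# Build:
#   docker build -t 192.168.1.72/kollect-tools/ci/frontend-builder:latest ci/frontend-builder/
#
# Build with release-asset checksum pinning (recommended; values below are
# placeholders, take the real ones from the upstream release pages):
#   docker build \
#     --build-arg BUF_SHA256=<sha256-of-buf-Linux-x86_64> \
#     --build-arg ORAS_SHA256=<sha256-of-oras-linux-amd64-tarball> \
#     -t 192.168.1.72/kollect-tools/ci/frontend-builder:latest ci/frontend-builder/
#
# Usage in CI:
#   container:
#     image: 192.168.1.72/kollect-tools/ci/frontend-builder:latest
#
# NOTE(review): `:latest` is a mutable tag. A CI job that references it runs
# whatever was pushed last; referencing the image by digest or by an immutable
# tag makes the job's toolchain auditable and reproducible.

ARG NODE_MAJOR=24
# The base is selected by a moving major-version tag. For a reproducible and
# reviewable toolchain, append the image digest (…-bookworm-slim@sha256:<digest>).
FROM node:${NODE_MAJOR}-bookworm-slim

ARG PNPM_VERSION=10.15.0
ARG BUF_VERSION=1.55.0
# Expected SHA-256 of the buf release binary for BUF_VERSION. Empty by default
# to stay compatible with existing builds; when set, the download is verified
# and the build fails on mismatch.
ARG BUF_SHA256=""
# Pin protoc-gen-es to a known-good version. The KollectAI-ETL CI
# workflow doesn't actually use this global install (it does
# `pnpm install` from proto/ to pick up the lockfile-pinned version)
# but we still bake it for ad-hoc use inside the container.
ARG PROTOC_GEN_ES_VERSION=2.12.0
ARG ORAS_VERSION=1.2.2
# Expected SHA-256 of the ORAS release tarball for ORAS_VERSION. Same
# semantics as BUF_SHA256.
ARG ORAS_SHA256=""
# Pin Playwright in lockstep with frontend/svelte/package.json's
# @playwright/test version. If the project uses a different patch level,
# Playwright re-downloads the right browser at runtime; matching here
# means CI hits the prebaked browser cache and skips the download.
ARG PLAYWRIGHT_VERSION=1.59.1

# Install Playwright browsers under a known global path so they survive
# across containers and so `pnpm exec playwright install` reuses them.
ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright

# ─────────────────────────────────────────────────────────────────────
# System dependencies (Playwright chromium runtime libs included so the
# browser launches without `playwright install --with-deps`)
# ─────────────────────────────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        git \
        jq \
        unzip \
        libasound2 \
        libatk1.0-0 \
        libatk-bridge2.0-0 \
        libcups2 \
        libdbus-1-3 \
        libdrm2 \
        libgbm1 \
        libnspr4 \
        libnss3 \
        libxcomposite1 \
        libxdamage1 \
        libxfixes3 \
        libxkbcommon0 \
        libxrandr2 \
        fonts-liberation \
        fonts-noto-core \
        fontconfig \
    && rm -rf /var/lib/apt/lists/*

# ─────────────────────────────────────────────────────────────────────
# pnpm via corepack (ships with Node.js)
# ─────────────────────────────────────────────────────────────────────
RUN corepack enable \
    && corepack prepare "pnpm@${PNPM_VERSION}" --activate

# Make pnpm's global-install bin dir authoritative on PATH so `pnpm add -g`
# installs land in a known location and their binaries resolve without
# extra setup. (pnpm setup is interactive — this is the non-interactive
# equivalent.)
# NOTE(review): PNPM_HOME lives under /root and no USER is set, so this image
# assumes jobs run as root; confirm that is what the CI runner requires.
ENV PNPM_HOME=/root/.local/share/pnpm
ENV PATH="${PNPM_HOME}:${PATH}"

# ─────────────────────────────────────────────────────────────────────
# buf CLI - single static binary, used for `buf lint` and `buf generate`
#
# The binary is fetched over HTTPS from the GitHub release. TLS only
# authenticates the host; it does not prove the asset is the one that was
# reviewed. Set BUF_SHA256 to pin the exact artifact.
# ─────────────────────────────────────────────────────────────────────
RUN curl -fsSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION}/buf-Linux-x86_64" \
        -o /usr/local/bin/buf \
    && if [ -n "${BUF_SHA256}" ]; then \
           echo "${BUF_SHA256}  /usr/local/bin/buf" | sha256sum -c -; \
       else \
           echo "WARNING: BUF_SHA256 not set; buf binary integrity was not verified" >&2; \
       fi \
    && chmod +x /usr/local/bin/buf

# ─────────────────────────────────────────────────────────────────────
# protoc-gen-es - TypeScript codegen plugin for buf 'local:' references.
# Installed via pnpm into $PNPM_HOME so the binary lands on PATH; buf v2
# resolves `local: protoc-gen-es` via PATH lookup.
# ─────────────────────────────────────────────────────────────────────
RUN pnpm add -g "@bufbuild/protoc-gen-es@${PROTOC_GEN_ES_VERSION}"

# ─────────────────────────────────────────────────────────────────────
# ORAS CLI - for uploading artifacts (test reports, audit logs) to Harbor
#
# Downloaded to a file instead of being piped straight into tar: with the
# default /bin/sh there is no pipefail, so a failed or truncated download
# on the left side of a pipe would not by itself fail the build, and a
# stream cannot be checksummed before it is unpacked.
# ─────────────────────────────────────────────────────────────────────
RUN curl -fsSL "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" \
        -o /tmp/oras.tar.gz \
    && if [ -n "${ORAS_SHA256}" ]; then \
           echo "${ORAS_SHA256}  /tmp/oras.tar.gz" | sha256sum -c -; \
       else \
           echo "WARNING: ORAS_SHA256 not set; ORAS tarball integrity was not verified" >&2; \
       fi \
    && tar -xzf /tmp/oras.tar.gz -C /usr/local/bin oras \
    && rm -f /tmp/oras.tar.gz

# ─────────────────────────────────────────────────────────────────────
# Playwright + chromium browser binary
#
# Browsers go to /ms-playwright (PLAYWRIGHT_BROWSERS_PATH set above) so
# CI's `pnpm exec playwright install chromium` finds the prebaked binary
# and skips the ~170MB download. System libs are already installed at
# the top of the file, so we use bare `playwright install chromium`
# (no --with-deps).
#
# `pnpm dlx` is a one-shot — pnpm fetches the package into its store,
# executes the install command, and cleans up. The browser binary
# itself persists at PLAYWRIGHT_BROWSERS_PATH, which is the only piece
# we actually need at runtime.
# ─────────────────────────────────────────────────────────────────────
RUN pnpm dlx "playwright@${PLAYWRIGHT_VERSION}" install chromium

WORKDIR /workspace

# Verify installation: every baked tool must be on PATH and runnable, and the
# Playwright browser directory must exist, otherwise the build fails here
# rather than in a CI job.
RUN node --version \
    && pnpm --version \
    && buf --version \
    && protoc-gen-es --version \
    && oras version \
    && jq --version \
    && ls "${PLAYWRIGHT_BROWSERS_PATH}"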