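# syntax=docker/dockerfile:1
# Base images pinned to exact patch for reproducible builds. Floating `:10.0` tags
# drift between machines; bump deliberately. (SDK 10.0.203 + runtime 10.0.8.)
# For byte-for-byte reproducibility, additionally pin each FROM by `@sha256:` digest
# (take the digest from the registry when bumping; none is recorded here).
FROM mcr.microsoft.com/dotnet/aspnet:10.0.8 AS base
WORKDIR /app
# Documentation only (does not publish the port): the app listens on 8080, see
# ASPNETCORE_URLS below. Unprivileged, so the non-root user of the final stage can
# bind it without extra capabilities.
EXPOSE 8080
# curl for the compose healthcheck (aspnet image ships no wget/curl).
# update + install + list cleanup stay in ONE layer: a cached standalone
# `apt-get update` goes stale, and lists removed in a later layer still bloat the image.
RUN apt-get update \
    && apt-get install -y --no-install-recommends curl \
    && rm -rf /var/lib/apt/lists/*

FROM mcr.microsoft.com/dotnet/sdk:10.0.203 AS build
WORKDIR /src
# Project file first, on its own, so the NuGet restore layer is reused until the
# .csproj (package references) changes rather than on every source edit.
COPY ["SharepointToolbox.Web.csproj", "."]
RUN dotnet restore
# Everything else (source, wwwroot, ...). Keep a .dockerignore next to this file so
# bin/, obj/, .git and any local secrets/config never enter the build context.
COPY . .
# Do NOT add --no-restore here. The restore above runs with only the .csproj present
# (no source, no wwwroot); pairing that cached state with `publish --no-restore`
# silently drops the Blazor framework static assets (wwwroot/_framework/blazor.web.js)
# from the output → the boot script 404s and no interactive circuit starts on any page.
# Letting publish restore against the full project re-materializes them. (Reproduced;
# the early restore above is kept only to cache the NuGet layer.)
RUN dotnet publish -c Release -o /app/publish

FROM base AS final
WORKDIR /app
# Ownership set at copy time rather than by a later `chown -R /app`: a RUN chown
# rewrites every published file into a fresh layer, roughly doubling its size.
# NOTE(review): this keeps the existing behaviour of making /app writable by the
# runtime user. If the app never writes under /app, dropping --chown (root-owned,
# world-readable) leaves the binaries immutable to the process — confirm before changing.
COPY --from=build --chown=app:app /app/publish .

# Run as the non-root `app` user shipped in the aspnet image (UID 1654) instead of root.
# /data holds the crown jewels (Data Protection keys, app-only certs, the user store), so
# create it owned by `app` with 0700 before declaring the volume — Docker seeds a fresh
# named volume from the image path's ownership/mode, so the running user can write it and
# other host users can't read the keys/certs at rest.
# Caveat: that seeding applies to *named* volumes only. A bind mount (`-v ./data:/data`)
# keeps the host directory's ownership as-is, so it must be writable by UID 1654 or the
# app cannot persist keys/certs/the user store at all.
# Non-recursive chown: /app's contents were already chowned by the COPY above; only the
# directory itself (created by WORKDIR as root) and the empty /data still need it.
RUN mkdir -p /data \
    && chown app:app /app /data \
    && chmod 700 /data
# Last step needing root is above. If the runtime must verify a numeric UID
# (Kubernetes runAsNonRoot), the .NET images expose the same user as `$APP_UID`.
USER app

# Volume for persistent data (profiles, settings, templates, logs, exports).
# Declared after /data is created/chowned; writes to the path after VOLUME are discarded.
VOLUME ["/data"]

# Bind to all interfaces on the unprivileged port declared above; DataFolder tells the
# app where the persistent volume is mounted.
ENV ASPNETCORE_URLS=http://+:8080 \
    DataFolder=/data

# Exec form: dotnet is PID 1 and receives SIGTERM from `docker stop` directly.
ENTRYPOINT ["dotnet", "SharepointToolbox.Web.dll"]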
