# Base image is pinned by tag and by digest, so rebuilds resolve to the same bytes.
# NOTE(review): PHP 7.2 is past upstream end of life and this file itself treats
# Debian buster as archived, so neither layer receives security fixes any more.
# Treat the image as legacy and plan a move to a supported PHP/Debian pair.
FROM php:7.2.34-fpm-buster@sha256:cde8c998f1d61d48b56a5f68b9af07737ace947a79a29febaac9b2e26d3d2490

# Build arguments
# APP_ENV is copied into the runtime environment below; WWWGROUP and WWWUSER are
# the numeric GID/UID given to the unprivileged "www" account created later.
# Build arguments are recorded in the image history, so none of them may carry a secret.
ARG APP_ENV=production
ARG WWWGROUP=1002
ARG WWWUSER=1002

# Environment variables
# These persist into every container started from the image.
# NOTE(review): COMPOSER_ALLOW_SUPERUSER is kept at runtime although the image
# ends as a non-root user - presumably for root-run Composer steps in derived
# builds; confirm it is still needed. COMPOSER_MEMORY_LIMIT set to -1 removes
# Composer's memory cap.
ENV APP_ENV=${APP_ENV} \
    COMPOSER_ALLOW_SUPERUSER=1 \
    COMPOSER_HOME=/composer \
    COMPOSER_MEMORY_LIMIT=-1

# Debian buster has been archived, so apt is pointed at archive.debian.org and
# the *-updates suites are dropped from sources.list.
# The last step turns off apt's Valid-Until check so the expired archive
# metadata is accepted. Only the expiry check is changed here, not signature
# verification, but without it apt no longer rejects a replayed, stale package
# index - build only on a trusted network path.
# NOTE(review): the sed expressions leave the URL scheme untouched, so the
# sources presumably stay on plain HTTP - confirm against the base image.
RUN sed -i \
        -e 's/deb.debian.org/archive.debian.org/g' \
        -e 's|security.debian.org|archive.debian.org|g' \
        -e '/stretch-updates/d' \
        -e '/buster-updates/d' \
        /etc/apt/sources.list \
    && echo "Acquire::Check-Valid-Until false;" > /etc/apt/apt.conf.d/99no-check-valid-until

# OS packages: download/VCS tools plus the headers needed to compile the PHP
# extensions further down. The package list is kept in alphabetical order so
# additions and removals are easy to spot in review.
# The apt index is refreshed, used and deleted inside this single layer.
# NOTE(review): no later stage is visible in this file, so git and every -dev
# package remain in the runtime image and widen its attack surface; a
# multi-stage build would keep them out of the final image.
# NOTE(review): if the application hands user-supplied images to ImageMagick,
# review its policy.xml to restrict the coders it will accept.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        curl \
        git \
        imagemagick \
        libcurl4-openssl-dev \
        libfreetype6-dev \
        libicu-dev \
        libjpeg62-turbo-dev \
        libmagickwand-dev \
        libpng-dev \
        libpq-dev \
        libssl-dev \
        libxml2-dev \
        libzip-dev \
        unzip \
        zlib1g-dev \
    && rm -rf /var/lib/apt/lists/*

# Compile the PHP extensions that ship with the PHP source tree.
# gd is configured with FreeType and JPEG support before the build; intl is
# configured with its defaults. The build runs with one make job per CPU.
# NOTE(review): some of these (for example pdo, curl, mbstring, xml) may already
# be compiled into the base image - confirm with `php -m` and trim the list.
RUN docker-php-ext-configure gd \
        --with-freetype-dir=/usr/include/ \
        --with-jpeg-dir=/usr/include/ \
    && docker-php-ext-configure intl \
    && docker-php-ext-install -j"$(nproc)" \
        bcmath \
        curl \
        gd \
        intl \
        mbstring \
        opcache \
        pdo \
        pdo_pgsql \
        pgsql \
        xml \
        zip

# PECL extensions, each pinned to an exact version and enabled right after it is
# built. pecl_http is installed only after raphf and propro are enabled -
# presumably because it depends on them; keep this order.
# The version pin fixes which release is requested, but no checksum is given
# here, so the downloaded archives are trusted as served by the PECL channel.
# The PECL download cache is cleared in the same layer.
RUN pecl install raphf-2.0.1 \
    && docker-php-ext-enable raphf \
    && pecl install propro-2.1.0 \
    && docker-php-ext-enable propro \
    && pecl install pecl_http-3.2.4 \
    && docker-php-ext-enable http \
    && pecl install imagick-3.4.4 \
    && docker-php-ext-enable imagick \
    && pecl clear-cache

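# Install Composer 2.2.21 without piping a remote script straight into PHP.
# The installer is saved to disk and its SHA-384 is compared with the value
# Composer publishes at composer.github.io before any of it is executed; the
# build stops if the digests differ. curl runs with -f so an HTTP error page is
# never saved or run, and each step is chained so a failed download aborts the
# layer instead of being masked by a pipe.
# The published checksum tracks the current installer, so this proves the
# download matches what Composer publishes today, not a digest pinned in this
# repository; vendor the installer if a fully pinned build is required.
RUN expected_sig="$(curl -fsSL https://composer.github.io/installer.sig)" \
    && curl -fsSL -o /tmp/composer-setup.php https://getcomposer.org/installer \
    && echo "${expected_sig}  /tmp/composer-setup.php" | sha384sum -c - \
    && php /tmp/composer-setup.php \
        --install-dir=/usr/local/bin \
        --filename=composer \
        --version=2.2.21 \
    && rm -f /tmp/composer-setup.php \
    && composer --version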

# Create the unprivileged "www" group and user with the numeric IDs taken from
# the WWWGROUP / WWWUSER build arguments; the user gets a home directory.
# NOTE(review): the account is given an interactive shell (/bin/bash); if nothing
# relies on logging in as it, /usr/sbin/nologin would be the tighter choice.
RUN groupadd --gid ${WWWGROUP} www \
    && useradd \
        --create-home \
        --shell /bin/bash \
        --gid www \
        --uid ${WWWUSER} \
        www

# Pre-create the writable directories (framework caches, sessions, views, logs,
# bootstrap cache and the Composer cache) and hand /var/www/html and /composer
# to the "www" user.
# NOTE(review): the recursive chown makes the whole document root writable by
# the runtime user, so a compromised PHP process could alter application code
# placed there. If the deployment allows it, limit ownership to the storage and
# cache directories and keep the code owned by root.
RUN mkdir -p \
        /composer/cache \
        /var/www/html/bootstrap/cache \
        /var/www/html/storage/framework/cache \
        /var/www/html/storage/framework/sessions \
        /var/www/html/storage/framework/views \
        /var/www/html/storage/logs \
    && chown -R www:www /var/www/html /composer

WORKDIR /var/www/html

# Run as the non-root "www" user from here on; nothing after this line needs root.
USER www

# Health check for monitoring.
# It only proves that a php-fpm process exists; it does not show that the pool
# is accepting FastCGI requests. A probe against the FPM ping/status endpoint
# would catch a wedged pool as well.
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD pidof php-fpm > /dev/null || exit 1

# Documents the listening port only; it does not publish it. 9000 is above 1024,
# so the non-root user can bind it.
# NOTE(review): presumably this is php-fpm's FastCGI listener, which has no
# authentication of its own - keep it reachable only from the web server.
EXPOSE 9000

# Exec form: php-fpm runs as PID 1 and receives stop signals directly.
CMD ["php-fpm"]
