## Angie (nginx-family web server) container image, built on a prebuilt "-deps" base image.
## Stage "pycache" precompiles Python bytecode; the final stage installs Angie from apt,
## lays out /etc/angie.dist, prepares runtime directories and sets the entrypoint.
## COPY sources with a leading "/" are relative to the build-context root.

## IMAGE_VERSION has no default here, so the build must supply it.
## NOTE(review): the base is selected by tag only (no @sha256 digest), so the content
## pulled depends on what the registry serves for that tag at build time.
ARG IMAGE_VERSION
FROM docker.io/rockdrilla/angie-conv:${IMAGE_VERSION}-deps AS deps

## ---

## Throwaway stage: only /pycache is copied out of it by the final stage.
FROM deps AS pycache
## -e aborts a RUN at the first failing command. No pipefail is set, so within a
## pipeline only the exit status of the last command is checked.
SHELL [ "/bin/sh", "-ec" ]

COPY /scripts/* /usr/local/sbin/
COPY /scripts-extra/* /usr/local/sbin/
COPY /j2cfg/ /usr/local/lib/j2cfg/

## An empty value does not suppress .pyc writing (Python honours this variable only when
## it is non-empty); presumably the deps image sets it to a non-empty value - confirm.
ENV PYTHONDONTWRITEBYTECODE=''

## Python cache preseed

RUN python3 -m compileall -q -j 2 /usr/local/lib/j2cfg/

## PYTHON_SITE_PACKAGES is not defined in this file; presumably exported by the deps image.
## First pipeline: byte-compile an allow-list of stdlib packages in the parent directory
## of site-packages. Second pipeline: byte-compile every top-level site-packages entry
## except *.dist-info, *.pth, *.txt and pip. Names are passed NUL-separated throughout.
RUN libpython="${PYTHON_SITE_PACKAGES%/*}" ; \
    find "${libpython}/" -mindepth 1 -maxdepth 1 -printf '%P\0' \
    | sed -zEn \
      -e '/^(collections|concurrent|encodings|importlib|json|logging|multiprocessing|re|tomllib|urllib)$/p' \
    | sort -zV \
    | env -C "${libpython}" xargs -0r \
      python3 -m compileall -q -j 2 ; \
    find "${PYTHON_SITE_PACKAGES}/" -mindepth 1 -maxdepth 1 -printf '%P\0' \
    | sed -zE \
      -e '/\.(dist-info|pth|txt)$/d' \
      -e '/^pip$/d' \
    | sort -zV \
    | env -C "${PYTHON_SITE_PACKAGES}" xargs -0r \
      python3 -m compileall -q -j 2

## Python cache warmup
## Runs j2cfg-single on test.j2 from inside the j2cfg directory; presumably this imports
## the modules used at runtime so their bytecode gets written - confirm.
RUN env -C /usr/local/lib/j2cfg/j2cfg j2cfg-single test.j2 -

## Collect every *.pyc / *.pyo under /usr/local into /pycache, keeping paths relative to
## /usr/local (the extracting tar runs in WORKDIR).
WORKDIR /pycache
RUN find /usr/local/ -type f -name '*.py[co]' -printf '%P\0' \
    | sort -zV \
    | tar -C /usr/local --null -T - -cf - \
    | tar -xf -

## Python cache adjustments
## Stamps everything under /pycache with one mtime taken from the build clock, so this
## layer differs between builds even when the inputs are unchanged.
RUN d="@$(date '+%s')" ; \
    find /pycache/ -mindepth 1 -exec touch -m -d "$d" {} +

## ---

## Final image. There is no USER instruction in this file, so the container starts as
## whatever user the deps image leaves (root unless that image sets one).
FROM deps
SHELL [ "/bin/sh", "-ec" ]

## NB: NGX_DEBUG is set via build script
## NOTE(review): there is no ARG NGX_DEBUG in this stage, so the value has to reach the
## RUN below through the environment of the deps image or the build script - confirm.

## Ships a copy of this Dockerfile inside the image.
COPY /Dockerfile /usr/local/share/
COPY /j2cfg/ /usr/local/lib/j2cfg/

## RFC: Python cache
## Overlays the bytecode collected in the pycache stage onto /usr/local.
COPY --from=pycache /pycache/ /usr/local/

ENV ANGIE_MODULES_DIR=/usr/lib/angie/modules

COPY /scripts/* /usr/local/bin/
## fixup
## Moves the "angie" script from /scripts/ into /usr/local/sbin; presumably a wrapper
## meant to be found before /usr/sbin/angie in PATH - confirm.
RUN mv /usr/local/bin/angie /usr/local/sbin/

## Service account with fixed UID/GID 333, home /etc/angie and shell /bin/false.
## '!' in the shadow password field means the password is locked.
RUN _UID=333 _GID=333 ; \
    echo "angie:x:${_UID}:${_GID}:Angie:/etc/angie:/bin/false" >> /etc/passwd ; \
    echo "angie:x:${_GID}:" >> /etc/group ; \
    echo 'angie:!:::::::' >> /etc/shadow

## NOTE(review): the repository URL and its signing-key reference live in this file,
## which is not shown here - confirm it pins a Signed-By key.
COPY /apt/sources.angie /etc/apt/sources.list.d/angie.sources

## apt-install.sh / apt-clean.sh are helpers not defined in this file.
## "apt-mark hold" keeps later apt runs from upgrading these packages, so fixes for
## Angie arrive by rebuilding the image rather than by upgrading inside it.
RUN apt-install.sh \
      angie \
      angie-console-light \
    ; \
    apt-mark hold angie angie-console-light ; \
    apt-clean.sh ; \
    ## verify Angie layout
    ## each test is a separate command, so under "sh -e" a failed one aborts the build
    [ -d "${ANGIE_MODULES_DIR}" ] ; \
    n='/usr/sbin/angie' ; \
    [ -h "$n" ] ; \
    [ -x "$n-debug" ] ; \
    [ -x "$n-nodebug" ] ; \
    ## adjust Angie binaries
    ## NGX_DEBUG exactly 0 keeps the non-debug binary; any other value, including unset
    ## or empty, keeps the debug build.
    ## NOTE(review): consider failing the build when NGX_DEBUG is unset.
    rm -fv "$n" ; \
    if [ "${NGX_DEBUG}" = 0 ] ; then \
        rm -fv "$n-debug" ; \
        mv -fv "$n-nodebug" "$n" ; \
    else \
        rm -fv "$n-nodebug" ; \
        mv -fv "$n-debug" "$n" ; \
    fi

## copy directory structure
COPY /angie/ /etc/angie.dist/
RUN ln -sv "${ANGIE_MODULES_DIR}" /etc/angie.dist/modules

## preserve snippets from Angie config directory
## ref: https://git.angie.software/web-server/angie/src/tag/Angie-1.9.1/conf
## NOTE(review): without pipefail, a failure of the producing tar (for example a listed
## file missing from the package) does not fail the build if the extracting tar succeeds.
RUN d=/etc/angie ; \
    tar -C "$d" -cf - \
      fastcgi_params \
      fastcgi.conf \
      mime.types \
      prometheus_all.conf \
      scgi_params \
      uwsgi_params \
    | tar -C "$d.dist/snip" -xf -

## flush default directory
RUN rm -rf /etc/angie ; \
    mkdir /etc/angie

## /angie/ is persistence store (if any)
## /run/ngx/ is runtime volume
## Mode 03777 is world-writable with the sticky and setgid bits: any UID can create
## entries, only the owner of an entry may delete or rename it, and new entries take
## the directory's group. Presumably this lets the image run under an arbitrary UID - confirm.
RUN install -d -o angie -g angie -m 03777 /angie /run/ngx
## Declared after the directory is created, so the ownership and mode above are kept.
VOLUME [ "/run/ngx" ]

## adjust paths across filesystem
## /var/{cache,lib,log}/angie become symlinks into the runtime volume.
RUN for d in cache lib log ; do \
        rm -rfv "/var/$d/angie" ; \
        ln -sv "/run/ngx/$d" "/var/$d/angie" ; \
    done

## special empty directory
## Recreated from scratch with mode 0555 (no write bit for anyone); the build fails if
## the old directory is still present after the rm.
RUN d='/var/lib/empty' ; \
    rm -rf "$d" ; \
    if [ -d "$d" ] ; then ls -ld "$d" ; exit 1 ; fi ; \
    install -d -m 0555 "$d"

## prepare DH params for TLS
## NB: disabled in pipeline for now
## reason: too slow (and too much effort)
# RUN cd /etc/angie.dist/tls || exit 1 ; \
#     openssl-generate-dh-bundle.sh

## future quirk for angie-module-modsecurity >:)
## a bit better config is here:
##   /etc/angie.dist/modsecurity/rules.conf
## Registers a dpkg diversion: a package that later installs this path has its file
## placed at rules.conf.dist instead.
RUN x='/etc/angie/modsecurity/rules.conf' ; \
    dpkg-divert --divert "$x.dist" --rename "$x"

## preseed builtin modules list
## Runs the helper once, then deletes it from the image.
RUN x='angie-builtin-modules.sh' ; \
    "$x" ; \
    rm -fv "$(which "$x")"

## install relatively lightweight modules
## apt-install-angie-mod.sh is a helper not defined in this file.
RUN mkdir -p /etc/angie/mod ; \
    apt-install-angie-mod.sh \
      brotli \
      cache-purge \
      echo \
      geoip2 \
      headers-more \
      njs-light \
      subs \
      upload \
      zip \
      zstd \
    ; \
    apt-clean.sh ; \
    ## move fresh configs to appropriate location
    ## mv -n never overwrites a file already present in angie.dist/mod; anything left
    ## behind is dropped by the rm that follows.
    find /etc/angie/mod/ -mindepth 1 -exec mv -nvt /etc/angie.dist/mod {} + ; \
    rm -rfv /etc/angie/mod

## adjust permissions/ownership
## Both config trees end up root-owned, directories 0755 and files 0644, so the angie
## account can read but not modify them.
## NOTE(review): 0644 applies to every file, so any private key material shipped under
## these trees would be world-readable - confirm none is baked into the image.
RUN chown -hR 0:0 /etc/angie.dist /etc/angie ; \
    find /etc/angie.dist/ /etc/angie/ -name .gitkeep -type f -delete ; \
    find /etc/angie.dist/ /etc/angie/ -type d -exec chmod 0755 {} + ; \
    find /etc/angie.dist/ /etc/angie/ -type f -exec chmod 0644 {} +

## image-entry.sh is placed into /usr/local/bin/ to allow custom entrypoint/chaining:
## - there's no need to change ENTRYPOINT/CMD
## - custom entrypoint should be placed in /usr/local/sbin/
## - custom entrypoint should "exec" /usr/local/bin/image-entry.sh
## however, this is discouraged (and this trick may be removed in future)
COPY /image-entry.sh /usr/local/bin/
COPY /image-entry.d/ /image-entry.dist/

## further customization
RUN install -d /image-entry

## must be bind-mounted only for local customization/overrides!
# RUN install -d /image-entry.local

## misc defaults
## MALLOC_ARENA_MAX caps the number of glibc malloc arenas.
ENV MALLOC_ARENA_MAX=4

## SIGQUIT is the graceful-shutdown signal of nginx-style servers; presumably the same
## holds for Angie - confirm.
STOPSIGNAL SIGQUIT

## Exec form; "image-entry.sh" is resolved through PATH and receives CMD as arguments.
ENTRYPOINT [ "image-entry.sh" ]
CMD [ "angie" ]