FROM docker.io/rockdrilla/postgresql:base-v1 AS base

## ---

FROM base AS certs
SHELL [ "/bin/sh", "-ec" ]

COPY /scripts/*        /usr/local/sbin/
COPY /extra-scripts/*  /usr/local/sbin/

## consult https://github.com/certifi/python-certifi/
ENV CERTIFI_COMMIT=bd8153872e9c6fc98f4023df9c2deaffea2fa463

RUN apt-install.sh ca-certificates curl ; \
    apt-clean.sh ; \
    ## process certifi
    ca_file='/etc/ssl/certs/ca-certificates.crt' ; \
    ls -l "${ca_file}" ; \
    certifi-extras.sh ; \
    openssl-cert-fingerprint.sh "${ca_file}" | sort -uV > "${ca_file}.fp" ; \
    chmod 0444 "${ca_file}" "${ca_file}.fp" ; \
    ls -l "${ca_file}" "${ca_file}.fp"

## ---

FROM base AS apt-gpg
SHELL [ "/bin/sh", "-ec" ]

COPY /scripts/*        /usr/local/sbin/
COPY /extra-scripts/*  /usr/local/sbin/

COPY --from=certs /etc/ssl/certs/ca-certificates.*  /etc/ssl/certs/

ADD https://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc  /tmp/pgdg.gpg.bin
ADD https://packagecloud.io/citusdata/community/gpgkey     /tmp/citus.gpg.bin

## process GPG keyrings
RUN pkg='gnupg' ; \
    apt-install.sh ${pkg} ; \
    gpg-export.sh /tmp/pgdg.gpg.bin /etc/apt/keyrings/pgdg.gpg.asc ; \
    gpg-export.sh /tmp/citus.gpg.bin /etc/apt/keyrings/citus.gpg.asc ; \
    apt-remove.sh ${pkg}

COPY /apt/sources.pgdg   /etc/apt/sources.list.d/pgdg.sources
COPY /apt/sources.citus  /etc/apt/sources.list.d/citus.sources

## verify sources!
RUN apt-env.sh apt-get update ; \
    apt-clean.sh

## ---

FROM base AS patroni
SHELL [ "/bin/sh", "-ec" ]

COPY /scripts/*  /usr/local/sbin/

COPY --from=certs /etc/ssl/certs/ca-certificates.*  /etc/ssl/certs/

COPY --from=apt-gpg /etc/apt/keyrings/  /etc/apt/keyrings/

COPY /apt/sources.pgdg      /etc/apt/sources.list.d/pgdg.sources
COPY /apt/preferences.pgdg  /etc/apt/preferences.d/pgdg

ENV DEV_PACKAGES='libffi-dev libpq-dev libyaml-dev'
# psutil
ENV CIBUILDWHEEL=1
# pyyaml
ENV PYYAML_FORCE_CYTHON=1

COPY /requirements.txt  /tmp/

RUN w=$(mktemp -d) ; : "${w:?}" ; \
    { apt-mark showauto ; apt-mark showmanual ; } | sort -uV > "$w/t0" ; \
    printf '%s\n' ${DEV_PACKAGES} | sort -uV > "$w/t1" ; \
    apt-install.sh ${DEV_PACKAGES} ; \
    { apt-mark showauto ; apt-mark showmanual ; } | sort -uV > "$w/t2" ; \
    set +e ; \
    grep -Fxv -f "$w/t0" "$w/t2" > "$w/t3" ; \
    grep -Fxv -f "$w/t1" "$w/t3" > "$w/t4" ; \
    grep -Ev -e '-(dev|doc)$' "$w/t4" > "${PYTHON_SITE_PACKAGES}/apt-deps.txt" ; \
    set -e ; \
    rm -rf "$w/" ; unset w ; \
    apt-install.sh build-essential ; \
    pip-env.sh pip install 'cython' ; \
    pip-env.sh pip install \
      --no-binary 'cffi,psutil,pyyaml' \
      -r /tmp/requirements.txt \
    ; \
    pip-env.sh pip uninstall -y 'cython' ; \
    python-rm-cache.sh "${PYTHON_SITE_PACKAGES}" ; \
    rm -rf \
      "${PYTHON_SITE_PACKAGES}/etcd/tests" \
      "${PYTHON_SITE_PACKAGES}/psutil/tests" \
    ; \
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -exec ls -l {} + ; \
    echo ; \
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -printf '%p\0' \
    | sed -zE '/rust/d' \
    | xargs -0r strip --verbose --strip-debug ; \
    echo ; \
    find "${PYTHON_SITE_PACKAGES}/" -type f -name '*.so*' -exec ls -l {} + ; \
    apt-remove.sh build-essential ; \
    apt-clean.sh

## ---

FROM base
SHELL [ "/bin/sh", "-ec" ]

COPY /Dockerfile.deps  /usr/local/share/

COPY /scripts/*  /usr/local/sbin/

COPY --from=certs /etc/ssl/certs/ca-certificates.*  /etc/ssl/certs/

COPY --from=apt-gpg /etc/apt/keyrings/  /etc/apt/keyrings/

COPY /apt/sources.pgdg      /etc/apt/sources.list.d/pgdg.sources
COPY /apt/preferences.pgdg  /etc/apt/preferences.d/pgdg

COPY --from=patroni /usr/local/bin/            /usr/local/bin/
COPY --from=patroni /${PYTHON_SITE_PACKAGES}/  /${PYTHON_SITE_PACKAGES}/

## install missing dependencies for Python site-packages
RUN f="${PYTHON_SITE_PACKAGES}/apt-deps.txt" ; \
    [ -s "$f" ] || exit 0 ; \
    xargs -a "$f" apt-install.sh ; \
    apt-clean.sh

RUN apt-install.sh \
      brotli \
      curl \
      dumb-init \
      file \
      gettext-base \
      gnupg \
      iproute2 \
      iputils-ping \
      jq \
      less \
      libnss-wrapper \
      lsof \
      ncurses-base \
      netbase \
      netcat-openbsd \
      openssl \
      procps \
      psmisc \
      tzdata \
      vim \
      xxd \
      xz-utils \
      zstd \
    ; \
    apt-clean.sh

## set up locales!
RUN _lang=en_US.UTF8 ; \
    { \
        echo "locales  locales/default_environment_locale  select       ${LANG}" ; \
        echo "locales  locales/locales_to_be_generated     multiselect  ${LANG} UTF-8" ; \
    } | debconf-set-selections ; \
    f=/etc/dpkg/dpkg.cfg.d/docker ; \
    if [ -f "$f" ] ; then \
        sed -Ei '/\/usr\/share\/locale/d' "$f" ; \
    fi ; \
    echo "LANG=${_lang}" > /etc/default/locale ; \
    apt-install.sh locales ; apt-clean.sh ; \
    grep -Fixq "${_lang} UTF-8" /etc/locale.gen || { \
        echo "${_lang} UTF-8" >> /etc/locale.gen ; \
        locale-gen ; \
    } ; \
    locale -a | grep -Fixq "${_lang}"
ENV LANG=en_US.UTF8

RUN find /usr/local/sbin/ ! -type d -ls -delete