# Copyright 2024 RustFS Team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Multi-stage Alpine build for minimal runtime image
FROM rust:1.85-alpine AS builder

# Build arguments for dynamic artifact download
ARG VERSION=""
ARG BUILD_TYPE="release"
ARG TARGETARCH

# Install build dependencies
RUN apk add --no-cache \
    musl-dev \
    pkgconfig \
    openssl-dev \
    openssl-libs-static \
    curl \
    unzip \
    bash \
    wget \
    ca-certificates

# Install protoc
RUN wget https://github.com/protocolbuffers/protobuf/releases/download/v31.1/protoc-31.1-linux-x86_64.zip \
    && unzip protoc-31.1-linux-x86_64.zip -d protoc3 \
    && mv protoc3/bin/* /usr/local/bin/ && chmod +x /usr/local/bin/protoc \
    && mv protoc3/include/* /usr/local/include/ && rm -rf protoc-31.1-linux-x86_64.zip protoc3

# Install flatc
RUN wget https://github.com/google/flatbuffers/releases/download/v25.2.10/Linux.flatc.binary.g++-13.zip \
    && unzip Linux.flatc.binary.g++-13.zip \
    && mv flatc /usr/local/bin/ && chmod +x /usr/local/bin/flatc \
    && rm -rf Linux.flatc.binary.g++-13.zip

# Option A: Download pre-built binary (faster)
RUN if [ -n "$VERSION" ]; then \
        # Map TARGETARCH to our naming convention
        case "${TARGETARCH}" in \
            amd64) ARCH="x86_64" ;; \
            arm64) ARCH="aarch64" ;; \
            *) echo "Unsupported architecture: ${TARGETARCH}" && exit 1 ;; \
        esac; \
        \
        # Handle VERSION with potential dev- prefix using variable expansion
        if [[ "$VERSION" == dev-* ]]; then \
            # Remove dev- prefix if present
            CLEAN_VERSION="${VERSION#dev-}"; \
            DOWNLOAD_PATH="artifacts/rustfs/dev"; \
            FILENAME="rustfs-linux-${ARCH}-dev-${CLEAN_VERSION}.zip"; \
        else \
            # VERSION is a release version
            DOWNLOAD_PATH="artifacts/rustfs/release"; \
            FILENAME="rustfs-linux-${ARCH}-v${VERSION}.zip"; \
        fi; \
        \
        # Download the binary
        DOWNLOAD_URL="https://dl.rustfs.com/${DOWNLOAD_PATH}/${FILENAME}"; \
        echo "Downloading RustFS binary from: ${DOWNLOAD_URL}"; \
        curl -Lo /tmp/rustfs.zip "${DOWNLOAD_URL}"; \
        unzip -o /tmp/rustfs.zip -d /tmp; \
        mv /tmp/rustfs /usr/local/bin/rustfs; \
        chmod +x /usr/local/bin/rustfs; \
        rm -rf /tmp/*; \
    else \
        echo "No VERSION provided, will build from source"; \
        echo "Source build not yet implemented in Alpine variant"; \
        exit 1; \
    fi

# Final Alpine runtime image
FROM alpine:3.18

RUN apk add --no-cache \
    ca-certificates \
    tzdata \
    bash

# Create rustfs user for security
RUN addgroup -g 1000 rustfs && \
    adduser -D -u 1000 -G rustfs rustfs

WORKDIR /app

# Copy binary from builder
COPY --from=builder /usr/local/bin/rustfs /app/rustfs
RUN chmod +x /app/rustfs && chown rustfs:rustfs /app/rustfs

# Create data directories
RUN mkdir -p /data && chown -R rustfs:rustfs /data /app

# Switch to non-root user
USER rustfs

# Environment variables
ENV RUSTFS_ACCESS_KEY=rustfsadmin \
    RUSTFS_SECRET_KEY=rustfsadmin \
    RUSTFS_ADDRESS=":9000" \
    RUSTFS_CONSOLE_ENABLE=true \
    RUSTFS_VOLUMES=/data \
    RUST_LOG=warn

EXPOSE 9000

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:9000/health || exit 1

CMD ["/app/rustfs"]