from golang:1.25-alpine as builder
env CGO_ENABLED=1

arg TAG='v1.11.0-alpha'

workdir /app
run apk add git gcc musl-dev
run git clone -b ${TAG} https://tangled.org/@tangled.org/core .

FROM builder AS build-knot
RUN go build -o /usr/bin/knot -ldflags '-s -w -extldflags "-static"' ./cmd/knot

FROM builder AS build-spindle
RUN go build -o /usr/bin/spindle ./cmd/spindle

from alpine:latest AS knot
ENV KNOT_REPO_SCAN_PATH=/home/git/repositories
expose 5555
expose 22

label org.opencontainers.image.title='knot'
label org.opencontainers.image.description='data server for tangled'
label org.opencontainers.image.source='https://tangled.org/@tangled.org/knot-docker'
label org.opencontainers.image.url='https://tangled.org'
label org.opencontainers.image.vendor='tangled.org'
label org.opencontainers.image.licenses='MIT'

arg UID=1000
arg GID=1000

copy rootfs .
run chmod 755 /etc
run chmod -R 755 /etc/s6-overlay
run apk add shadow s6-overlay execline openssl openssh git curl bash
run groupadd -g $GID -f git
run useradd -u $UID -g $GID -d /home/git git
run openssl rand -hex 16 | passwd --stdin git
run mkdir -p /home/git/repositories && chown -R git:git /home/git
copy --from=build-knot /usr/bin/knot /usr/bin
run mkdir /app && chown -R git:git /app

healthcheck --interval=60s --timeout=30s --start-period=5s --retries=3 \
    cmd curl -f http://localhost:5555 || exit 1
entrypoint ["/init"]

FROM alpine:edge AS spindle
EXPOSE 6555

LABEL org.opencontainers.image.title="spindle"
LABEL org.opencontainers.image.description="ci server for tangled"
LABEL org.opencontainers.image.source="https://tangled.org/@tangled.org/knot-docker"
LABEL org.opencontainers.image.url="https://tangled.org"
LABEL org.opencontainers.image.vendor="tangled.org"
LABEL org.opencontainers.image.licenses="MIT"

ARG UID=1000
ARG GID=1000

run apk add curl bash
RUN adduser --system --uid $UID spindle
RUN addgroup --system --gid $UID spindle
RUN mkdir -p /app && chown -R spindle:spindle /app

COPY --from=build-spindle /usr/bin/spindle /usr/bin

WORKDIR /app
CMD ["spindle"]
VOLUME ["/app"]
HEALTHCHECK --interval=60s --timeout=30s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:6555 || exit 1