FROM archlinux:base

RUN pacman -Suy --noconfirm && pacman -S openssh openssl git --noconfirm

# Docker still have this really stupied idea that all files must be relative "context",
# so context is set to ../.. relative the docker-compose.yaml
COPY server/target/x86_64-unknown-linux-musl/debug/eyeballs-githook /app/eyeballs-githook
COPY server/target/debug/eyeballs /app/eyeballs
COPY docker/integration_test/web/setup.sh /app/setup.sh

RUN mkdir -p /git/auth /git/repos

# git image runs as default git user, with uid 1000 gid 1000.
# we need the same, but it can't be named git (as package git installs a git user)
# so add another user with 1000 gid 1000 and make sure that shared files
# (/git/auth and /git/repos) are owned by that user and not root.
RUN useradd --no-create-home --uid 1000 --user-group -s /usr/bin/nologin alf

RUN chown alf:alf /app
RUN chown alf:alf /git/auth
RUN chown alf:alf /git/repos
VOLUME /git/auth
VOLUME /git/repos

USER alf:alf

RUN mkdir -p -m 0700 /app/.ssh
COPY docker/integration_test/web/gitkey /app/.ssh/id_rsa

WORKDIR /app
ENTRYPOINT /app/setup.sh

HEALTHCHECK --start-period=1s --interval=1m --timeout=1s CMD curl -f http://localhost:8000/api/v1/healthcheck