# syntax=docker/dockerfile:1
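# Global build arguments. An ARG placed before FROM is visible only to FROM
# lines, so anything a stage needs is redeclared inside that stage.
# The original spelled this argument "DEGUG", so ${DEBUG} below was never
# defined and PYTHONDONTWRITEBYTECODE ended up empty.
# NOTE(review): the base tag is mutable; pinning it by digest would make
# rebuilds reproducible and protect against a replaced upstream image.
ARG PYTHON_VERSION=3.12.3
ARG DEBUG=0
FROM python:${PYTHON_VERSION}-slim AS base

# Bring the global DEBUG default (or a --build-arg override) into this stage.
ARG DEBUG

# Identity of the unprivileged runtime account. The %%...%% tokens look like
# template placeholders that are substituted before the build runs.
# NOTE(review): the first token is spelled PERMISIONED (one S) while the other
# three use PERMISSIONED; confirm the templating step replaces this exact
# token, otherwise the literal placeholder becomes the user name.
ARG APP_USER=%%PERMISIONED_USERNAME%%
ARG UID=%%PERMISSIONED_UID%%
ARG GID=%%PERMISSIONED_GID%%
ARG APP_GROUP=%%PERMISSIONED_GROUPNAME%%

RUN echo "Building the Docker image..."

# Prevents Python from writing pyc files.
# Python only tests whether this variable is non-empty, so both DEBUG=0 and
# DEBUG=1 disable .pyc writing; pass an empty DEBUG to allow it.
ENV PYTHONDONTWRITEBYTECODE=${DEBUG}

# Keeps Python from buffering stdout and stderr to avoid situations where
# the application crashes without emitting any logs due to buffering.
ENV PYTHONUNBUFFERED=1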

# Unprivileged account that the application runs as.
# The group is created only when no group of that name exists yet; the user
# gets no password, a nologin shell and /${APP_USER} as its home directory.
RUN set -eu; \
    getent group "${APP_GROUP}" || addgroup --gid "${GID}" "${APP_GROUP}"; \
    adduser \
        --disabled-password \
        --gecos "" \
        --shell "/sbin/nologin" \
        --home "/${APP_USER}" \
        --uid "${UID}" \
        --ingroup "${APP_GROUP}" \
        "${APP_USER}"


# Base OS tooling, one package per line and sorted so that changes diff cleanly.
# Used later in this file: wget (PostgreSQL repository key download),
# dos2unix (entrypoint line endings) and sudo (the sudoers rule).
# NOTE(review): sudo, curl and iputils-ping stay in the runtime image and
# widen what a compromised application process can do; confirm that
# entrypoint.sh really needs each of them at run time.
RUN apt-get update \
 && apt-get install -y --no-install-recommends \
        ca-certificates \
        cifs-utils \
        curl \
        dos2unix \
        gnupg2 \
        iputils-ping \
        lsb-release \
        sudo \
        wget \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*

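# Register the PostgreSQL (PGDG) apt repository and install the version 17
# client tools from it, all in one layer:
#  - `set -e` stops the build when the key download fails (the original
#    joined wget and echo with `;`, which hid a failed download);
#  - `apt-get update` runs in the same layer as `apt-get install`, so a cached
#    layer can never hold a stale package index;
#  - the suite name comes from /etc/os-release instead of a hard-coded
#    "bookworm", so it follows the base image when PYTHON_VERSION changes.
# NOTE(review): the signing key is trusted on first download over HTTPS only.
# gnupg2 is installed, so its fingerprint could be compared here with the one
# PostgreSQL publishes before the key is used.
RUN set -eux; \
    . /etc/os-release; \
    echo "ID=$ID VERSION_CODENAME=$VERSION_CODENAME" >&2; \
    install -d -m 0755 /etc/apt/keyrings; \
    wget -qO /etc/apt/keyrings/postgresql.asc \
        https://www.postgresql.org/media/keys/ACCC4CF8.asc; \
    # An empty key file would only surface later as a confusing apt error.
    test -s /etc/apt/keyrings/postgresql.asc; \
    echo "deb [signed-by=/etc/apt/keyrings/postgresql.asc] https://apt.postgresql.org/pub/repos/apt ${VERSION_CODENAME}-pgdg main" \
        > /etc/apt/sources.list.d/pgdg.list; \
    apt-get update; \
    apt-get install -y --no-install-recommends postgresql-client-17; \
    apt-get clean; \
    rm -rf /var/lib/apt/lists/*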

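########################################################
# Install uv, which manages the Python dependencies.   #
# --no-cache-dir keeps pip's download cache out of the image layer.
# NOTE(review): uv is not pinned, so each uncached build installs whatever
# release is current; pin it to the version the project is tested with.
# No dependency installation from uv.lock is visible in this file; it
# presumably happens in entrypoint.sh (confirm).
RUN pip install --no-cache-dir uv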

#################################################################
## Application directories and the files copied into the image ##
# Upload targets under /app plus the mount point for external data.
RUN mkdir -p \
        /app/uploaded/static \
        /app/uploaded/media \
        /mnt/external_data

# Dependency manifest and lockfile. Shipping uv.lock ensures that installing
# the dependencies does not pick up versions newer than the locked ones when
# the pins in pyproject.toml are loose, which could otherwise break alyx's use
# of them.
COPY ./pyproject.toml ./uv.lock /app/

# Entrypoint script and gunicorn configuration.
COPY ./django_server/entrypoint.sh ./django_server/gunicorn.conf.py /app/

# Settings file generated at install time, placed where the app expects it.
# NOTE(review): if this generated file carries a Django SECRET_KEY or database
# credentials (confirm), they are stored in an image layer and readable by
# anyone who can pull the image; mounting the file at run time avoids that.
COPY ./django_server/custom_settings.py /app/extra_configuration/custom_settings.py

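##################################################################
## SET USER PERMISSIONS ON THE APP FOLDER AND ENTRYPOINT SCRIPT ##
# Done in one layer: every separate chown/chmod RUN stores another copy of
# the files it touches, and the original used five of them.
#  - dos2unix normalises line endings in case the script was checked out
#    with CRLF; it runs before chown so the final ownership is the app user's;
#  - /app is handed to the app user recursively, which covers entrypoint.sh;
#  - /mnt/external_data is owner-only (700).
# These modes apply to the directory inside the image. When a volume or
# network share is mounted on /mnt/external_data at run time, the ownership
# and mode of the mounted filesystem apply instead.
RUN set -eu; \
    dos2unix -o /app/entrypoint.sh; \
    chmod +x /app/entrypoint.sh; \
    chown -R "${APP_USER}:${APP_GROUP}" /app/ /mnt/external_data; \
    chmod -R 700 /mnt/external_data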

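#############################################################
# Passwordless sudo for the application user.
# The rule goes into its own drop-in file with the mode sudo expects, and
# `visudo -c` validates the whole configuration, so a malformed entry fails
# the build instead of breaking sudo inside the running container.
# NOTE(review): ALL=(ALL) NOPASSWD:ALL makes the application user equivalent
# to root inside the container, so the USER switch later in this file does
# not confine the process: any code execution in the app can become root.
# Restrict the rule to the exact commands entrypoint.sh needs (it is not
# visible here), or move those privileged steps out of the container and
# remove sudo altogether.
RUN set -eu; \
    printf '%s ALL=(ALL) NOPASSWD:ALL\n' "${APP_USER}" > /etc/sudoers.d/90-app-user; \
    chmod 0440 /etc/sudoers.d/90-app-user; \
    visudo -c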

#############################################################
# Switch to the non-privileged user to run the application. #
# Every instruction below, and the container's main process, runs as this
# user. The sudoers entry written earlier in this file still lets that user
# become root without a password, so this switch alone is not a privilege
# boundary.
USER ${APP_USER}

# Working directory for the RUN and CMD below; the relative path in CMD
# resolves against it.
WORKDIR /app

# Expose the port that the application listens on.
# EXPOSE is documentation only and publishes nothing. The port actually bound
# is decided by entrypoint.sh / gunicorn.conf.py, which are not visible here.
# NOTE(review): binding a port below 1024 as a non-root user fails on runtimes
# that do not lower the unprivileged port floor; confirm for the target
# platform.
EXPOSE 80

# This echo runs once at build time, as the app user; nothing is launched here.
RUN echo "Launching the entrypoint script..."
# Exec form: the script is started directly, without a /bin/sh -c wrapper, and
# receives the container's stop signal itself.
CMD ["./entrypoint.sh"]