# Piggie — PostgreSQL 18 + Apache AGE 1.7.0 + pgvector 0.8.2
# Multi-arch build (linux/amd64 + linux/arm64)
#
# Build:
#   docker buildx build --platform linux/amd64,linux/arm64 -t piggie/db:18-1.7.0 docker/
#
# Usage:
#   docker compose up -d
#   piggie.connect("postgresql://piggie:piggie@localhost:5488/piggie", graph="my_graph")

# ── Stage 1: Build Apache AGE from source ────────────────────────────
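# NOTE(review): postgres:18 is a floating tag. For reproducible builds pin it
# by digest (postgres:18@sha256:<digest>) and use the same digest in every
# stage, so the extension is compiled against the server that will load it.
FROM postgres:18 AS build-age

# Toolchain and headers needed to compile AGE. This stage is discarded; only
# the files the runtime stage pulls out with COPY --from reach the final image.
# The apt lists are removed in the same layer that created them.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        bison \
        build-essential \
        ca-certificates \
        flex \
        git \
        libreadline-dev \
        postgresql-server-dev-18 \
        zlib1g-dev && \
    rm -rf /var/lib/apt/lists/*

# Optional source pin. A branch or tag name is a mutable ref: upstream (or
# anyone with push access) can move it, and the next build would compile
# different code into a database extension without any change to this file.
# Pass the reviewed commit to make the build fail closed on a mismatch:
#   --build-arg AGE_COMMIT=<full 40-character commit SHA>
# Left empty (the default), the ref is trusted as before.
# Declared after the package layer so changing it does not invalidate that layer.
ARG AGE_COMMIT=""

WORKDIR /tmp
RUN git clone --branch release/PG18/1.7.0 --depth 1 \
        https://github.com/apache/age.git && \
    if [ -n "${AGE_COMMIT}" ]; then \
        actual="$(git -C age rev-parse HEAD)" && \
        if [ "${actual}" != "${AGE_COMMIT}" ]; then \
            echo "apache/age: expected commit ${AGE_COMMIT}, got ${actual}" >&2; \
            exit 1; \
        fi; \
    fi && \
    make -C age && \
    make -C age install && \
    rm -rf /tmp/age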

# ── Stage 2: Build pgvector from source ──────────────────────────────
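# NOTE(review): postgres:18 is a floating tag. For reproducible builds pin it
# by digest (postgres:18@sha256:<digest>) and use the same digest in every
# stage, so the extension is compiled against the server that will load it.
FROM postgres:18 AS build-pgvector

# Toolchain and headers needed to compile pgvector. This stage is discarded;
# only the files the runtime stage pulls out with COPY --from reach the final
# image. The apt lists are removed in the same layer that created them.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        build-essential \
        ca-certificates \
        git \
        postgresql-server-dev-18 && \
    rm -rf /var/lib/apt/lists/*

# Optional source pin. A tag name is a mutable ref: it can be re-pointed
# upstream, and the next build would compile different code into a database
# extension without any change to this file. Pass the reviewed commit to make
# the build fail closed on a mismatch:
#   --build-arg PGVECTOR_COMMIT=<full 40-character commit SHA>
# Left empty (the default), the ref is trusted as before.
# Declared after the package layer so changing it does not invalidate that layer.
ARG PGVECTOR_COMMIT=""

WORKDIR /tmp
RUN git clone --branch v0.8.2 --depth 1 \
        https://github.com/pgvector/pgvector.git && \
    if [ -n "${PGVECTOR_COMMIT}" ]; then \
        actual="$(git -C pgvector rev-parse HEAD)" && \
        if [ "${actual}" != "${PGVECTOR_COMMIT}" ]; then \
            echo "pgvector: expected commit ${PGVECTOR_COMMIT}, got ${actual}" >&2; \
            exit 1; \
        fi; \
    fi && \
    make -C pgvector && \
    make -C pgvector install && \
    rm -rf /tmp/pgvector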

# ── Stage 3: Runtime image ───────────────────────────────────────────
# NOTE(review): floating tag. The .so files copied in below were compiled in
# the build-age and build-pgvector stages, which use the same tag; if the
# stages are ever pinned by digest (postgres:18@sha256:<digest>), pin all
# three to the same one.
FROM postgres:18

LABEL org.opencontainers.image.source="https://github.com/gregfelice/piggie" \
      org.opencontainers.image.url="https://piggie.rizlabs.com" \
      org.opencontainers.image.title="Piggie DB" \
      org.opencontainers.image.description="PostgreSQL 18 + Apache AGE 1.7.0 + pgvector 0.8.2" \
      org.opencontainers.image.licenses="Apache-2.0"

# Apache AGE: loadable module plus its extension control/SQL files.
# Nothing else from the build stage (compiler, git, sources) is carried over.
COPY --from=build-age /usr/lib/postgresql/18/lib/age.so /usr/lib/postgresql/18/lib/
COPY --from=build-age /usr/share/postgresql/18/extension/age* /usr/share/postgresql/18/extension/

# pgvector: loadable module plus its extension control/SQL files.
COPY --from=build-pgvector /usr/lib/postgresql/18/lib/vector.so /usr/lib/postgresql/18/lib/
COPY --from=build-pgvector /usr/share/postgresql/18/extension/vector* /usr/share/postgresql/18/extension/

# Server and client-authentication configuration from the build context.
# The CMD at the end of this stage points postgres at exactly these two paths.
# NOTE(review): their contents are not part of this file; whether TLS is
# enabled/required and which auth methods are allowed is decided there.
COPY postgresql.conf pg_hba.conf /etc/postgresql/

# The official postgres entrypoint runs files in /docker-entrypoint-initdb.d
# only when it initialises an empty data directory, so this script does not
# re-run against an existing volume.
COPY init.sql /docker-entrypoint-initdb.d/01-init-extensions.sql

# Self-signed server certificate (CN=piggie-db, valid 3650 days) with an
# unencrypted private key. The key is owned by postgres with mode 600:
# PostgreSQL rejects a key file that is group- or world-accessible.
#
# NOTE(review): the key is generated at build time and stored in an image
# layer. Every container started from the same image therefore presents the
# same key, and anyone who can pull the image can read it. That is adequate for
# local development only. For any shared or published deployment, supply a
# certificate and key at runtime (for example a read-only mount or an
# orchestrator secret at these paths) rather than relying on the baked-in
# pair. Clients can only authenticate this server if they explicitly trust
# this exact certificate.
RUN ssl_dir=/etc/postgresql/ssl && \
    mkdir -p "$ssl_dir" && \
    openssl req -x509 -new -nodes -days 3650 \
        -subj "/CN=piggie-db" \
        -keyout "$ssl_dir/server.key" \
        -out "$ssl_dir/server.crt" && \
    chown postgres:postgres "$ssl_dir/server.key" "$ssl_dir/server.crt" && \
    chmod 600 "$ssl_dir/server.key"

# Start postgres with the configuration files copied above instead of the ones
# initdb writes into the data directory.
CMD ["postgres", "-c", "config_file=/etc/postgresql/postgresql.conf", "-c", "hba_file=/etc/postgresql/pg_hba.conf"]
