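# -------------- Build-time variables --------------
# MASTODON_VERSION is a *branch* name: the source is fetched from
# .../archive/refs/heads/${MASTODON_VERSION}.tar.gz (see mastodon-build).
# MASTODON_SHA256 optionally pins that tarball; leave empty to skip the check.
ARG MASTODON_VERSION=main
ARG MASTODON_REPOSITORY=mastodon/mastodon
ARG MASTODON_SHA256=
ARG ALPINE_VERSION=3.16
ARG HARDENED_MALLOC_VERSION=8
ARG UID=991
ARG GID=991
# ---------------------------------------------------

### Build Hardened Malloc
FROM docker.io/alpine:${ALPINE_VERSION} as build-malloc

ARG HARDENED_MALLOC_VERSION
# Passed straight through to hardened_malloc's make; kept off by default.
ARG CONFIG_NATIVE=false

# Key used to verify the signed release tag before anything is compiled.
COPY thestinger.gpg /tmp/

RUN apk --no-cache add build-base git gnupg && cd /tmp \
 && gpg --import /tmp/thestinger.gpg \
 && git clone --depth 1 --branch ${HARDENED_MALLOC_VERSION} https://github.com/GrapheneOS/hardened_malloc \
 && cd hardened_malloc && git verify-tag $(git describe --tags) \
 && make CONFIG_NATIVE=${CONFIG_NATIVE}

### Build Mastodon
ARG ALPINE_VERSION
FROM docker.io/alpine:${ALPINE_VERSION} as mastodon-build

ARG MASTODON_VERSION
ARG MASTODON_REPOSITORY
ARG MASTODON_SHA256
# Global ARGs are only visible inside a stage when redeclared; without these
# two lines ${UID} and ${GID} expand to empty strings in the adduser call.
ARG UID
ARG GID

# Install build dependencies
RUN apk --no-cache add -t build-dependencies \
    build-base \
    gnu-libiconv-dev \
    icu-dev \
    libidn-dev \
    libtool \
    libxml2-dev \
    libxslt-dev \
    postgresql-dev \
    protobuf-dev \
    python3 \
    ruby-dev \
    imagemagick \
    yarn \
    ruby \
    ruby-bundler \
    git

# busybox adduser's -g is the GECOS field, not the primary group, so the
# group id is created with addgroup and the user attached to it with -G.
RUN addgroup -g ${GID} mastodon \
 && adduser -G mastodon -u ${UID} --disabled-password --gecos "" mastodon \
 && mkdir /mastodon \
 && chown mastodon:mastodon /mastodon

USER mastodon
WORKDIR /mastodon

# Download to a file so the archive can be checksummed before it is unpacked.
# When MASTODON_SHA256 is set, a mismatch fails the build.
RUN wget -qO /tmp/mastodon.tar.gz https://github.com/${MASTODON_REPOSITORY}/archive/refs/heads/${MASTODON_VERSION}.tar.gz \
 && if [ -n "${MASTODON_SHA256}" ]; then echo "${MASTODON_SHA256}  /tmp/mastodon.tar.gz" | sha256sum -c -; fi \
 && tar xz --strip 1 -f /tmp/mastodon.tar.gz \
 && rm -f /tmp/mastodon.tar.gz

ENV RAILS_SERVE_STATIC_FILES=true \
    RAILS_ENV=production \
    NODE_ENV=production

RUN bundle config build.nokogiri --use-system-libraries \
 && bundle config set --local clean 'true' && bundle config set --local deployment 'true' \
 && bundle config set --local without 'test development' && bundle config set no-cache 'true' \
 && bundle install -j$(getconf _NPROCESSORS_ONLN)

# Placeholder secrets are only needed so the precompile task can boot Rails;
# they are not baked into the resulting assets.
RUN yarn install --pure-lockfile --ignore-engines \
 && OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder bundle exec rails assets:precompile \
 && yarn cache clean

### Mastodon runtime
ARG ALPINE_VERSION
FROM docker.io/alpine:${ALPINE_VERSION} as mastodon

ARG UID
ARG GID

ENV RUN_DB_MIGRATIONS=true \
    SIDEKIQ_WORKERS=5 \
    BIND=0.0.0.0 \
    RAILS_SERVE_STATIC_FILES=true \
    RAILS_ENV=production \
    NODE_ENV=production \
    PATH="${PATH}:/mastodon/bin"

# Install runtime dependencies
RUN apk --no-cache add \
    ca-certificates \
    ffmpeg \
    file \
    git \
    icu-libs \
    imagemagick \
    libidn \
    libxml2 \
    libxslt \
    libpq \
    openssl \
    protobuf \
    s6 \
    tzdata \
    yaml \
    readline \
    gcompat \
    gnu-libiconv \
    nodejs \
    ruby \
    ruby-bundler \
    # For hardened_malloc
    libgcc \
    libstdc++

# Same addgroup/adduser split as the build stage so uid *and* gid are honoured.
RUN addgroup -g ${GID} mastodon \
 && adduser -G mastodon -u ${UID} --disabled-password --gecos "" mastodon

COPY --chown=mastodon:mastodon --from=mastodon-build /mastodon /mastodon

# Copy the library before pointing LD_PRELOAD at it so later RUN steps never
# execute with a dangling preload path.
COPY --from=build-malloc /tmp/hardened_malloc/libhardened_malloc.so /usr/local/lib/
ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"

# The entrypoint stays root-owned (and is made executable while still root)
# so the unprivileged runtime user cannot rewrite it. The s6 service tree is
# deliberately owned by mastodon — presumably because s6 writes its supervise
# state under each service directory; confirm against rootfs/etc/s6.d.
COPY rootfs/usr/local/bin/run /usr/local/bin/run
COPY --chown=mastodon:mastodon rootfs/etc/s6.d /etc/s6.d
RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*

USER mastodon
WORKDIR /mastodon

VOLUME /mastodon/public/system /mastodon/log

EXPOSE 3000 4000

LABEL maintainer="Wonderfall " \
      description="Your self-hosted, globally interconnected microblogging community"

ENTRYPOINT ["/usr/local/bin/run"]
CMD ["/bin/s6-svscan", "/etc/s6.d"]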