ARG BASE_IMAGE=registry.gitlab.com/claromentis/infrastructure/docker/php
ARG BASE_TAG=7.4-fpm-alpine
ARG CLARO_ENV=PRODUCTION
FROM ${BASE_IMAGE}:${BASE_TAG}

# Switch to the root user for system operations
USER root

# Install and configure Nginx, add binaries used by the product
# Use libcap to allow Nginx to bind to privileged ports as a non-privileged user
RUN apk add --no-cache nginx libcap && mkdir -p /run/nginx \
    && setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/nginx \
    && apk del libcap
COPY docker/nginx/nginx.conf /etc/nginx/nginx.conf
COPY docker/nginx/http.d/default.conf /etc/nginx/http.d/default.conf

# Install wkhtmltopdf 0.12.5 with qt patches
# https://github.com/madnight/docker-alpine-wkhtmltopdf
COPY --from=madnight/docker-alpine-wkhtmltopdf:0.12.5-alpine3.13 \
    /bin/wkhtmltopdf /usr/bin/wkhtmltopdf
RUN apk add --update --no-cache ttf-dejavu ttf-droid ttf-freefont ttf-liberation \
    && if [ ! -f /usr/local/bin/wkhtmltopdf ]; then ln -s /usr/bin/wkhtmltopdf /usr/local/bin/wkhtmltopdf; fi;

# Configure PHP
COPY docker/php.claromentis.ini $PHP_INI_DIR/conf.d/php.claromentis.ini

# Configure ImageMagick
COPY docker/policy.xml /etc/ImageMagick-7/policy.xml

# Set default environment variables
ENV CLARO_ROOT=/var/www/claromentis
ENV CLARO_ENV=$CLARO_ENV \
    CLARO_SYSTEM_MODE=SAAS \
# TODO: Consider moving data directories to /var/lib/claromentis or similar
#       https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard
    CLARO_DATA_DIR=${CLARO_ROOT}/data \
    CLARO_LOCAL_DATA_DIR=${CLARO_ROOT}/local_data \
    CLARO_DB_HOST=mysql \
    CLARO_DOC_CONV_HOST=doc-converter \
    CLARO_ES_HOSTS=elasticsearch \
    CLARO_IMAGE_RESIZE_METHOD=IM

# Install the Claromentis codebase
# TODO: Drop all of the chown/chmod hacks below, sort out permissions properly
#       This seems to be necessary currently because ./clc runs (and creates files/directories) as root
#       but PHP-FPM runs child processes as www-data (even through its primary process is run as root)

# TODO: Consider moving the product ($CLARO_ROOT) from /var/www to somewhere more appropriate:
#       https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard
COPY --chown=claromentis:www-data . $CLARO_ROOT/
RUN mkdir -p $CLARO_DATA_DIR $CLARO_LOCAL_DATA_DIR \
    && mkdir -p $CLARO_DATA_DIR/db \
    && mkdir -p $CLARO_LOCAL_DATA_DIR/i18n_cache $CLARO_LOCAL_DATA_DIR/templater_cache $CLARO_LOCAL_DATA_DIR/temp \
    && chown -R claromentis:www-data $CLARO_DATA_DIR $CLARO_LOCAL_DATA_DIR \
    && chmod -R g+rw $CLARO_DATA_DIR $CLARO_LOCAL_DATA_DIR \
    && chown claromentis:www-data $CLARO_ROOT \
    && chmod g+rw $CLARO_ROOT $CLARO_ROOT/application \
    && chown -R nginx:www-data /var/lib/nginx /var/log/nginx \
    && chmod -R g+rw /var/lib/nginx /var/log/nginx
WORKDIR /var/www/claromentis/application

# Switch back to the non-privileged user
USER claromentis

# Expose port 80 for HTTP traffic
EXPOSE 80

# Run Claromentis migrations, start Nginx & PHP-FPM
# TODO: Process management for merging Nginx/PHP-FPM syslogs to proc 1's STDOUT/STDERR, for Docker logs
CMD ./clc app:install --all -n -v --admin_password=$CLARO_ADMIN_PASSWORD \
    && (nginx & php-fpm)
