from golang:1.25-alpine as builder
env CGO_ENABLED=1

arg TAG='v1.13.0-alpha'

workdir /app
run apk add git gcc musl-dev
run git clone -b ${TAG} https://tangled.org/@tangled.org/core .
run go build -o /usr/bin/knot -ldflags '-s -w -extldflags "-static"' ./cmd/knot

from alpine:latest
env KNOT_REPO_SCAN_PATH=/home/git/repositories
expose 5555
expose 22

label org.opencontainers.image.title='knot'
label org.opencontainers.image.description='data server for tangled'
label org.opencontainers.image.source='https://tangled.org/@tangled.org/knot-docker'
label org.opencontainers.image.url='https://tangled.org'
label org.opencontainers.image.vendor='tangled.org'
label org.opencontainers.image.licenses='MIT'

arg UID=1000
arg GID=1000

COPY ./rootfs /
run chmod 755 /etc
run chmod -R 755 /etc/s6-overlay
run apk add shadow s6-overlay execline openssl openssh git curl bash
run groupadd -g $GID -f git
run useradd -u $UID -g $GID -d /home/git git
run openssl rand -hex 16 | passwd --stdin git
run mkdir -p /home/git/repositories && chown -R git:git /home/git
copy --from=builder /usr/bin/knot /usr/bin
run mkdir /app && chown -R git:git /app

healthcheck --interval=60s --timeout=30s --start-period=5s --retries=3 \
    cmd curl -f http://localhost:5555 || exit 1

entrypoint ["/init"]
