# syntax=docker/dockerfile:1

FROM ghcr.io/sigstore/cosign/cosign:latest AS cosign-bin

FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.22

# set version label
ARG BUILD_DATE
ARG VERSION
ARG LYCHEE_VERSION
LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
LABEL maintainer="hackerman"

RUN --mount=type=bind,from=cosign-bin,source=/ko-app/cosign,target=/usr/local/bin/cosign \
    --mount=type=bind,source=/lychee.pub,target=/config/lychee.pub \
  echo "**** install runtime packages ****" && \
  apk add --no-cache --upgrade \
    exiftool \
    ffmpeg \
    gd \
    grep \
    imagemagick \
    jpegoptim \
    php84-bcmath \
    php84-dom \
    php84-exif \
    php84-gd \
    php84-intl \
    php84-ldap \
    php84-mysqli \
    php84-pdo_mysql \
    php84-pdo_pgsql \
    php84-pdo_sqlite \
    php84-pecl-imagick \
    php84-pecl-redis \
    php84-pgsql \
    php84-sodium \
    php84-sqlite3 \
    php84-tokenizer \
    postgresql16-client \
    unzip && \
  echo "**** configure php-fpm to pass env vars ****" && \
  sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php84/php-fpm.d/www.conf && \
  if ! grep -qxF 'clear_env = no' /etc/php84/php-fpm.d/www.conf; then echo 'clear_env = no' >> /etc/php84/php-fpm.d/www.conf; fi && \
  echo "**** install lychee ****" && \
  if [ -z "${LYCHEE_VERSION}" ]; then \
    LYCHEE_VERSION=$(curl -sX GET "https://api.github.com/repos/LycheeOrg/Lychee/releases/latest" \
    | awk '/tag_name/{print $4;exit}' FS='[""]'); \
  fi && \
  curl -o \
    /tmp/lychee.zip -L \
    "https://github.com/LycheeOrg/Lychee/releases/download/${LYCHEE_VERSION}/Lychee.zip" && \
  curl -o \
    /tmp/lychee.zip.sigstore.json -L \
    "https://github.com/LycheeOrg/Lychee/releases/download/${LYCHEE_VERSION}/Lychee.zip.sigstore.json" && \
  cosign verify-blob --key /config/lychee.pub --bundle /tmp/lychee.zip.sigstore.json /tmp/lychee.zip && \
  unzip -q /tmp/lychee.zip -d /app && \
  mv /app/Lychee /app/www && \
  echo "**** install composer dependencies ****" && \
  composer install \
    -d /app/www \
    --no-interaction \
    --no-dev \
    --prefer-dist && \
  echo "**** remove bloat ****" && \
  find . -wholename '*/[Tt]ests/*' -delete && \
  find . -wholename '*/[Tt]est/*' -delete && \
  rm -rf /app/www/storage/framework/cache/data/* && \
  rm -rf /app/www/storage/framework/sessions/* && \
  rm -rf /app/www/storage/framework/views/* && \
  rm -rf /app/www/storage/logs/* && \
  printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
  echo "**** cleanup ****" && \
  rm -rf \
    /tmp/* \
    $HOME/.cache \
    $HOME/.composer \
    $HOME/.npm

# copy local files
COPY root/ /

# ports and volumes
EXPOSE 80 443
VOLUME /config