FROM debian:buster-slim

ARG DEBIAN_FRONTEND="noninteractive"

# Third party software versions
ARG FFMPEG_VERSION="4.3.1"
ENV FFMPEG_EXPECTED_MD5="ee235393ec7778279144ee6cbdd9eb64"
ENV FFMPEG_TARBALL="https://johnvansickle.com/ffmpeg/releases/ffmpeg-${FFMPEG_VERSION}-amd64-static.tar.xz"

# Install third party software
RUN set -x && \
    # Install required distro packages
    apt-get update && \
    apt-get -y --no-install-recommends install curl xz-utils ca-certificates binutils && \
    # Install ffmpeg
    curl -L ${FFMPEG_TARBALL} --output /tmp/ffmpeg-${FFMPEG_VERSION}-amd64-static.tar.xz && \
    echo "${FFMPEG_EXPECTED_MD5}  tmp/ffmpeg-${FFMPEG_VERSION}-amd64-static.tar.xz" | md5sum -c - && \
    xz --decompress /tmp/ffmpeg-${FFMPEG_VERSION}-amd64-static.tar.xz && \
    tar -xvf /tmp/ffmpeg-${FFMPEG_VERSION}-amd64-static.tar -C /tmp && \
    ls -lat /tmp/ffmpeg-4.3.1-amd64-static && \
    install -v -s -g root -o root -m 0755 -s /tmp/ffmpeg-${FFMPEG_VERSION}-amd64-static/ffmpeg -t /usr/local/bin && \
    # Clean up
    rm -rf /tmp/ffmpeg-${FFMPEG_VERSION}-amd64-static.tar && \
    rm -rf /tmp/ffmpeg-${FFMPEG_VERSION}-amd64-static && \
    apt-get -y autoremove --purge curl xz-utils binutils

# Defaults
ARG default_uid="10000"
ARG default_gid="10000"

# Copy app
COPY app /app
COPY app/tubesync/local_settings.py.container /app/tubesync/local_settings.py

# Add Pipfiles
COPY Pipfile /app/Pipfile
COPY Pipfile.lock /app/Pipfile.lock

# Switch workdir to the the app
WORKDIR /app

# Set up the app
ENV UID="${default_uid}"
ENV GID="${default_gid}"
RUN set -x && \
  # Install required distro packages
  apt-get -y --no-install-recommends install python3 python3-setuptools python3-pip python3-dev gcc make && \
  # Install wheel which is required for pipenv
  pip3 --disable-pip-version-check install wheel && \
  # Then install pipenv
  pip3 --disable-pip-version-check install pipenv && \
  # Create a 'www' user which the workers drop to
  groupadd -g ${GID} www && \
  useradd -M -d /app -s /bin/false -u ${UID} -g www www && \
  # Install non-distro packages
  pipenv install --system  && \
  # Make absolutely sure we didn't accidentally bundle a SQLite dev database
  rm -rf /app/db.sqlite3 && \
  # Create config, downloads and run dirs we can write to
  mkdir -p /run/www && \
  chown -R www:www /run/www && \
  chmod -R 0700 /run/www && \
  mkdir -p /config && \
  chown -R www:www /config && \
  chmod -R 0755 /config && \
  mkdir -p /downloads && \
  chown -R www:www /downloads && \
  chmod -R 0755 /downloads && \
  # Reset permissions
  mkdir -p /app/static && \
  chown -R root:www /app && \
  chown -R www:www /app/common/static && \
  chown -R www:www /app/static && \
  chmod -R 0750 /app && \
  find /app -type f -exec chmod 640 {} \; && \
  chmod 0750 /app/entrypoint.sh && \
  # Clean up
  rm /app/Pipfile && \
  rm /app/Pipfile.lock && \
  pipenv --clear && \
  pip3 --disable-pip-version-check uninstall -y pipenv wheel virtualenv && \
  apt-get -y autoremove --purge python3-pip python3-dev gcc make && \
  apt-get -y autoremove && \
  apt-get -y autoclean && \
  rm -rf /var/lib/apt/lists/* && \
  rm -rf /var/cache/apt/* && \
  rm -rf /tmp/* && \
  # Pipenv leaves a bunch of stuff in /root, as we're not using it recreate it
  rm -rf /root && \
  mkdir -p /root && \
  chown root:root /root && \
  chmod 0700 /root

# Create a healthcheck
HEALTHCHECK --interval=1m --timeout=10s CMD /app/healthcheck.py http://127.0.0.1:8080/healthcheck

# Drop to the www user
USER www

# ENVS and ports
ENV PYTHONPATH "/app:${PYTHONPATH}"
EXPOSE 8080

# Entrypoint
ENTRYPOINT ["/app/entrypoint.sh"]

# Run gunicorn
CMD ["/usr/local/bin/gunicorn", "-c", "/app/tubesync/gunicorn.py", "-k", "uvicorn.workers.UvicornWorker", "--capture-output", "tubesync.asgi:application"]