FROM debian:stable-slim AS build_stage

ARG CGIT_VERSION="master"

RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    git \
    liblua5.1-dev \
    zlib1g-dev \
    libssl-dev \
    gettext \
    python3 \
    python3-docutils \
    python3-markdown \
    python3-pygments \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /opt
RUN git clone https://git.zx2c4.com/cgit
WORKDIR /opt/cgit
RUN git checkout ${CGIT_VERSION} \
    && git submodule init \
    && git submodule update

COPY cgit.conf .

RUN make -j7 && make install

FROM debian:stable-slim AS wwwgit

RUN apt-get update && apt-get install -y --no-install-recommends \
    nginx-light \
    fcgiwrap \
    git \
    gettext-base \
    python3 \
    python3-docutils \
    python3-markdown \
    python3-pygments \
    tini \
    curl \
    openssh-server \
    locales \
    && rm -rf /var/lib/apt/lists/*

# Generate locale to fix git locale warnings
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen

COPY --from=build_stage /var/www/html/cgit /var/www/html/cgit

RUN mkdir -p /var/lib/git/repositories

RUN useradd -m -d /var/lib/git/repositories -s /usr/bin/git-shell code

# Set default branch to main for the code user
RUN git config --system init.defaultBranch main

# Store git-shell-commands in a persistent location (will be copied to home on startup)
RUN mkdir -p /usr/local/share/git-shell-commands
COPY init-repo /usr/local/share/git-shell-commands/init-repo
COPY delete-repo /usr/local/share/git-shell-commands/delete-repo
COPY help /usr/local/share/git-shell-commands/help
COPY list /usr/local/share/git-shell-commands/list
COPY no-interactive-login /usr/local/share/git-shell-commands/no-interactive-login
RUN chmod +x /usr/local/share/git-shell-commands/*

RUN mkdir -p /run/sshd \
    && mkdir -p /etc/ssh/sshd_config.d

COPY sshd_code_user.conf /etc/ssh/sshd_config.d/code_user.conf

RUN chown -R www-data:www-data /var/www/html/cgit \
    && chown -R code:code /var/lib/git/repositories \
    && chmod 755 /var/lib/git \
    && chmod 755 /var/lib/git/repositories

RUN rm /etc/nginx/sites-enabled/default

COPY cgit.nginx.conf /etc/nginx/sites-available/cgit.conf
RUN ln -s /etc/nginx/sites-available/cgit.conf /etc/nginx/sites-enabled/cgit.conf

COPY cgitrc /var/www/html/cgit/cgitrc

COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh

RUN mkdir /run/sock
RUN chown -R www-data:www-data /run/sock

COPY static /var/www/html/cgit/static

EXPOSE 80 22
HEALTHCHECK CMD ["curl", "http://localhost:80"]
ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/entrypoint.sh"]