FROM erseco/alpine-php-webserver:3.20.5

ARG VERSION=
ARG WEBDIR=/var/www/html

LABEL version="${VERSION}" \
    Maintainer="H2 invent GmbH" \
    Description="Docker Image der Anwendung Unsere Schulkindbetreuung" \
    org.opencontainers.version="${VERSION}" \
    org.opencontainers.image.title="Unsere Schulkindbetreuung" \
    org.opencontainers.image.license="INTERNAL" \
    org.opencontainers.image.vendor="H2 invent GmbH" \
    org.opencontainers.image.authors="Andreas Holzmann <support@h2-invent.com>" \
    org.opencontainers.image.source="https://github.com/h2-invent/skb" \
    org.opencontainers.image.documentation="https://unsere-schulkindbetreuung.de" \
    org.opencontainers.image.url="https://unsere-schulkindbetreuung.de"

USER root
RUN apk --no-cache add \
    unzip \
    cronie \
    libcap

RUN mkdir /etc/service/crond \
    && echo "#!/bin/sh -e" > /etc/service/crond/run \
    && echo "exec 2>&1 /usr/sbin/crond -f" >> /etc/service/crond/run \
    && chown -R nobody:nobody /etc/service/crond \
    && chmod -R +x /etc/service/crond \
    && chown nobody:nobody /usr/sbin/crond \
    && setcap cap_setgid=ep /usr/sbin/crond \
    && setcap cap_setuid=ep /usr/sbin/crond

RUN echo "# Docker Cron Jobs" > /etc/crontabs/nobody \
    && echo "*/10 * * * * php ${WEBDIR}/bin/console app:stats > /dev/null > 2>&1" >> /etc/crontabs/nobody \
    && chown nobody:nobody /etc/crontabs/nobody \
    && chmod +x /etc/crontabs/nobody

#RUN echo "#!/bin/sh" > /docker-entrypoint-init.d/symfony.sh \
#    && echo "php ${WEBDIR}/bin/console cache:clear" >> /docker-entrypoint-init.d/symfony.sh \
#    && echo "php ${WEBDIR}/bin/console doc:mig:mig --no-interaction" >> /docker-entrypoint-init.d/symfony.sh \
#    && echo "php ${WEBDIR}/bin/console cache:clear" >> /docker-entrypoint-init.d/symfony.sh \
#    && chmod +x /docker-entrypoint-init.d/*

RUN --mount=type=secret,id=ARTIFACT_USER \
    --mount=type=secret,id=ARTIFACT_SECRET \
    --mount=type=secret,id=ARTIFACT_URL \
    ARTIFACT_USER=$(cat /run/secrets/ARTIFACT_USER) \
    ARTIFACT_SECRET=$(cat /run/secrets/ARTIFACT_SECRET) \
    ARTIFACT_URL=$(cat /run/secrets/ARTIFACT_URL) \
    && wget https://${ARTIFACT_USER}:${ARTIFACT_SECRET}@${ARTIFACT_URL}-${VERSION}.zip -O artifact.zip \
    && unzip artifact.zip -d ${WEBDIR} \
    && chown -R nobody ${WEBDIR}/public \
    && chown -R nobody ${WEBDIR}/var \
    && chmod -R 700 ${WEBDIR}/public \
    && chmod -R 700 ${WEBDIR}/var

RUN apk del unzip \
    && rm artifact.zip \
    && rm -r ${WEBDIR}/var/cache \
    && rm -rf /var/cache/apk/*

USER nobody

ENV nginx_root_directory=/var/www/html/public \
    upload_max_filesize=10M