FROM golang:1.24 AS builder

RUN apt-get update
RUN apt-get install -y build-essential wget ca-certificates

ARG FDB_VERSION=7.4.5
ENV FDB_VERSION=${FDB_VERSION}

# Install FoundationDB client libraries with checksum verification
RUN cd /tmp && \
    wget https://github.com/apple/foundationdb/releases/download/${FDB_VERSION}/foundationdb-clients_${FDB_VERSION}-1_amd64.deb && \
    # Note: FoundationDB releases don't provide SHA256SUM files, but we verify the download succeeded
    # In production, consider adding explicit checksum verification if available
    dpkg -i foundationdb-clients_${FDB_VERSION}-1_amd64.deb && \
    rm foundationdb-clients_${FDB_VERSION}-1_amd64.deb

# Set up FoundationDB environment variables for CGO
ENV CGO_CFLAGS="-I/usr/include/foundationdb"
ENV CGO_LDFLAGS="-lfdb_c"

# build SeaweedFS
RUN mkdir -p /go/src/github.com/seaweedfs/
RUN git clone https://github.com/seaweedfs/seaweedfs /go/src/github.com/seaweedfs/seaweedfs
ARG BRANCH=master
RUN cd /go/src/github.com/seaweedfs/seaweedfs && git checkout $BRANCH
RUN cd /go/src/github.com/seaweedfs/seaweedfs/weed \
  && export LDFLAGS="-X github.com/seaweedfs/seaweedfs/weed/util/version.COMMIT=$(git rev-parse --short HEAD)" \
  && go install -tags "5BytesOffset foundationdb" -ldflags "${LDFLAGS}"


FROM debian:bookworm-slim AS final
LABEL author="Chris Lu"

# Install runtime dependencies first
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    ca-certificates \
    fuse \
    wget && \
    rm -rf /var/lib/apt/lists/*

# Install FoundationDB client library in runtime image
ARG FDB_VERSION=7.4.5
RUN cd /tmp && \
    wget https://github.com/apple/foundationdb/releases/download/${FDB_VERSION}/foundationdb-clients_${FDB_VERSION}-1_amd64.deb && \
    dpkg -i foundationdb-clients_${FDB_VERSION}-1_amd64.deb && \
    rm foundationdb-clients_${FDB_VERSION}-1_amd64.deb

# Copy SeaweedFS binary and configuration
COPY --from=builder /go/bin/weed /usr/bin/
RUN mkdir -p /etc/seaweedfs
COPY --from=builder /go/src/github.com/seaweedfs/seaweedfs/docker/filer_foundationdb.toml /etc/seaweedfs/filer.toml
COPY --from=builder /go/src/github.com/seaweedfs/seaweedfs/docker/entrypoint.sh /entrypoint.sh

# Create non-root user
RUN groupadd -g 1000 seaweed && \
    useradd -u 1000 -g seaweed -s /bin/bash -m seaweed

# volume server gprc port
EXPOSE 18080
# volume server http port
EXPOSE 8080
# filer server gprc port
EXPOSE 18888
# filer server http port
EXPOSE 8888
# master server shared gprc port
EXPOSE 19333
# master server shared http port
EXPOSE 9333
# s3 server http port
EXPOSE 8333
# webdav server http port
EXPOSE 7333

# Create data directory and set proper ownership for seaweed user
RUN mkdir -p /data && \
    chown -R seaweed:seaweed /data && \
    chown -R seaweed:seaweed /etc/seaweedfs && \
    chmod 755 /entrypoint.sh

VOLUME /data

WORKDIR /data

# Switch to non-root user
USER seaweed

ENTRYPOINT ["/entrypoint.sh"]