# syntax=docker/dockerfile:1

ARG SYNAPSE_VERSION=latest
ARG FROM=matrixdotorg/synapse:$SYNAPSE_VERSION
ARG DEBIAN_VERSION=bookworm
ARG DEBIAN_VERSION_NUMERIC=12
ARG PYTHON_VERSION=3.12

# first of all, we create a base image with an nginx which we can copy into the
# target image. For repeated rebuilds, this is much faster than apt installing
# each time.

FROM ghcr.io/astral-sh/uv:python${PYTHON_VERSION}-${DEBIAN_VERSION} AS deps_base

# This silences a warning as uv isn't able to do hardlinks between its cache
# (mounted as --mount=type=cache) and the target directory.
ENV UV_LINK_MODE=copy

RUN \
  --mount=type=cache,target=/var/cache/apt,sharing=locked \
  --mount=type=cache,target=/var/lib/apt,sharing=locked \
  apt-get update -qq && \
  apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances --no-pre-depends \
      redis-server \
      nginx-light \
      mawk \
    | grep '^\w' > /tmp/pkg-list && \
  mkdir -p /tmp/debs && \
  cat /tmp/pkg-list && \
  cd /tmp/debs && \
  xargs apt-get download </tmp/pkg-list

# Extract the debs for each architecture
RUN \
    mkdir -p /install/var/lib/dpkg/status.d/ && \
    for deb in /tmp/debs/*.deb; do \
      package_name=$(dpkg-deb -I ${deb} | awk '/^ Package: .*$/ {print $2}'); \
      echo "Extracting: ${package_name}"; \
      dpkg --ctrl-tarfile $deb | tar -Ox ./control > /install/var/lib/dpkg/status.d/${package_name}; \
      dpkg --extract $deb /install; \
    done;

RUN --mount=type=cache,target=/root/.cache/uv \
    uv pip install --prefix="/install/usr/local" supervisor~=4.2

# now build the final image, based on the the regular Synapse docker image
FROM $FROM

# Copy over redis, nginx and supervisor
COPY --from=deps_base /install /
RUN mkdir -p /etc/supervisor/conf.d
RUN addgroup -S -g 33 www-data
RUN adduser -S -u 33 -G www-data -h /var/www -s /usr/sbin/nologin -H www-data
RUN chown www-data /var/lib/nginx

# have nginx log to stderr/out
RUN ln -sf /dev/stdout /var/log/nginx/access.log
RUN ln -sf /dev/stderr /var/log/nginx/error.log

# Copy Synapse worker, nginx and supervisord configuration template files
COPY ./docker/conf-workers/* /conf/

# Copy a script to prefix log lines with the supervisor program name
COPY ./docker/prefix-log /usr/local/bin/

# Expose nginx listener port
EXPOSE 8080/tcp

# A script to read environment variables and create the necessary
# files to run the desired worker configuration. Will start supervisord.
COPY ./docker/configure_workers_and_start.py /configure_workers_and_start.py
ENTRYPOINT ["/configure_workers_and_start.py"]

# Replace the healthcheck with one which checks *all* the workers. The script
# is generated by configure_workers_and_start.py.
HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \
    CMD /bin/sh /healthcheck.sh