FROM alpine:3.12.3
LABEL maintainer "Talmai Oliveira <to@talm.ai>, James Addison <jay@jp-hosting.net>"

ARG GROCY_VERSION

# Optionally authenticate with GitHub using an API token
#
# This can reduce instances of download rate limiting by GitHub
# https://developer.github.com/v3/#rate-limiting
#
# This value is *not* assigned to a variable using the ENV instruction,
# since those variables are persisted in the resulting image and could leak
# developer credentials
# https://docs.docker.com/engine/reference/builder/#env
ARG GITHUB_API_TOKEN

# ensure www-data user exists
RUN set -eux; \
	addgroup -g 82 -S www-data; \
	adduser -u 82 -D -S -G www-data www-data
# 82 is the standard uid/gid for "www-data" in Alpine
# https://git.alpinelinux.org/aports/tree/main/apache2/apache2.pre-install?h=3.9-stable
# https://git.alpinelinux.org/aports/tree/main/lighttpd/lighttpd.pre-install?h=3.9-stable
# https://git.alpinelinux.org/aports/tree/main/nginx/nginx.pre-install?h=3.9-stable

# Install build-time dependencies
RUN     apk update && \
        apk add --no-cache \
            composer \
            git \
            gnupg \
            wget

# Install system dependencies
RUN     apk add --no-cache \
            php7-ctype \
            php7-fpm \
            php7-exif \
            php7-fileinfo \
            php7-gd \
            php7-iconv \
            php7-json \
            php7-ldap \
            php7-pdo_sqlite \
            php7-simplexml \
            php7-tokenizer

# Configure directory permissions
RUN     chown www-data /var/log/php7 && \
        mkdir /var/www && \
        chown www-data /var/www

COPY docker_grocy/www.conf /etc/php7/php-fpm.d/zz-docker.conf

# Install application dependencies (unprivileged)
USER www-data
WORKDIR /var/www

# Extract application release package
ENV GROCY_RELEASE_KEY_URI="https://berrnd.de/data/Bernd_Bestel.asc"
RUN     set -o pipefail && \
        export GNUPGHOME=$(mktemp -d) && \
        wget ${GROCY_RELEASE_KEY_URI} -O - | gpg --batch --import && \
        git clone --branch ${GROCY_VERSION} --config advice.detachedHead=false --depth 1 "https://github.com/grocy/grocy.git" . && \
        git verify-commit ${GROCY_VERSION} && \
        rm -rf ${GNUPGHOME} && \
        mkdir data/viewcache && \
        cp config-dist.php data/config.php

# Install application dependencies
RUN     COMPOSER_OAUTH=${GITHUB_API_TOKEN:+"\"github.com\": \"${GITHUB_API_TOKEN}\""} && \
        COMPOSER_AUTH="{\"github-oauth\": { ${COMPOSER_OAUTH} }}" composer install --no-interaction --no-dev --optimize-autoloader && \
        composer clear-cache

# Remove build-time dependencies (privileged)
USER root
RUN     apk del \
            composer \
            git \
            gnupg \
            wget

VOLUME ["/var/www/data"]

EXPOSE 9000

USER www-data

CMD ["php-fpm7"]