# syntax=docker/dockerfile:1

# Comments are provided throughout this file to help you get started.
# If you need more help, visit the Dockerfile reference guide at
# https://docs.docker.com/engine/reference/builder/

ARG PYTHON_VERSION=3.10.1
FROM python:${PYTHON_VERSION}-slim as base

# Prevents Python from writing pyc files.
ENV PYTHONDONTWRITEBYTECODE=1

# Keeps Python from buffering stdout and stderr to avoid situations where
# the application crashes without emitting any logs due to buffering.
ENV PYTHONUNBUFFERED=1

ENV ARXIV_QUERY=""
ENV SMTP_ADDRESS=""
ENV SMTP_PORT=""
ENV SMTP_USER_NAME=""
ENV SMTP_PASSWORD=""

# Install required binary packages.
RUN apt-get update && apt-get install -y \
  imagemagick \
  && rm -rf /var/lib/apt/lists/*

# Add PDF processing to the ImageMagic policy.
RUN sed -i 's/<policy domain="coder" rights="none" pattern="PDF" \/>/<policy domain="coder" rights="read|write" pattern="PDF" \/>/g' /etc/ImageMagick-6/policy.xml

# DEBUG. Only for debug purposes.
RUN apt-get update && apt-get install -y \
  curl \
  procps \
  sudo \
  vim \
  && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
ARG UID=10001
#RUN adduser \
#    --disabled-password \
#    --gecos "" \
#    --home "/nonexistent" \
#    --shell "/sbin/nologin" \
#    --no-create-home \
#    --uid "${UID}" \
#    appuser

# DEBUG. Only for debug purposes.
RUN useradd -r -u ${UID} -s /sbin/nologin -d /nonexistent appuser
# RUN echo "appuser:12345678" | chpasswd
# RUN echo 'appuser ALL=(ALL) NOPASSWD:ALL' | tee -a /etc/sudoers

# Upgrade pip
RUN python -m pip install --upgrade pip

# Download dependencies as a separate step to take advantage of Docker's caching.
# Leverage a cache mount to /root/.cache/pip to speed up subsequent builds.
# Leverage a bind mount to requirements.txt to avoid having to copy them into
# into this layer.
RUN --mount=type=cache,target=/root/.cache/pip \
    --mount=type=bind,source=requirements.txt,target=requirements.txt \
    python -m pip install -r requirements.txt

# Switch to the non-privileged user to run the application.
USER appuser

# Copy the source code into the container.
COPY --chown=appuser . .

# Change file mode(s).
RUN chmod 0744 cron.sh

# Expose the port that the application listens on.
EXPOSE 5000

# Run the application.
CMD export FLASK_APP=serve.py; flask run --host=0.0.0.0
