FROM almalinux:9 AS builder

ARG KANIDM_VERSION
ARG KANIDM_FEATURES
ARG KANIDM_BUILD_PROFILE="container_generic"
ARG KANIDM_BUILD_OPTIONS=""

# Set the build profile
ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic}
ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.mold"

RUN dnf install -y epel-release dnf-plugins-core \
  && dnf update -y \
  && dnf config-manager --enable crb \
  && dnf clean all \
  && rm -rf /var/cache/yum

RUN dnf install -y clang mold pam-devel openssl-devel git make automake gawk systemd-libs systemd-devel systemd-udev \
  && dnf clean all \
  && rm -rf /var/cache/yum

# Get Rust
ENV RUSTUP_HOME=/root/.rustup
ENV CARGO_HOME=/root/.cargo
ENV PATH=/root/.cargo/bin:${PATH}
RUN curl -s --proto '=https' --tlsv1.3 -sSf 'https://sh.rustup.rs' | sh -s -- -y --no-modify-path || true

RUN git clone --branch $KANIDM_VERSION --depth 1 https://github.com/kanidm/kanidm.git /usr/src/kanidm

WORKDIR /usr/src/kanidm

# Exports don't persist through RUN statements.
RUN make release/kanidmd
RUN make release/kanidm

FROM almalinux:9

COPY *.repo /etc/yum.repos.d/

RUN dnf install -y openssl sqlite pam kubectl \
  && dnf clean all \
  && rm -rf /var/cache/yum

COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/
COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/
COPY --from=builder /usr/src/kanidm/server/core/static /hpkg
RUN chmod +x /sbin/kanidmd

WORKDIR /data

EXPOSE 8443 3636

ENV RUST_BACKTRACE=1

HEALTHCHECK \
    --interval=60s \
    --timeout=10s \
    --start-period=60s \
    --start-interval=5s \
    --retries=3 \
    CMD [ "/sbin/kanidmd", "healthcheck", "-c", "/data/server.toml"]

CMD [ "/sbin/kanidmd", "server", "-c", "/data/server.toml"]