FROM registry-app.eng.qops.net:5001/imported/alpine:3.15 as certs
RUN apk update && apk add --no-cache ca-certificates

FROM registry-app.eng.qops.net:5001/imported/alpine:3.15 as encoder
WORKDIR /main
RUN apk update && apk add --no-cache gpg gpg-agent
ARG KEY=""
COPY ./releasedata ./releasedata
RUN cat ./releasedata/users.yaml \
	| gpg --batch --no-tty --passphrase="$KEY" --cipher-algo AES256 --symmetric -z 0 \
	> ./users.yaml.gpg

FROM registry-app.eng.qops.net:5001/imported/alpine:3.15 as runner
RUN apk update && apk --no-cache upgrade && apk add --no-cache bash gpg gpg-agent
WORKDIR /main
COPY --from=certs /etc/ssl/certs /etc/ssl/certs
COPY --from=encoder /main/users.yaml.gpg ./

COPY ./exec-server ./
COPY ./public ./public
RUN test -e /main/exec-server
RUN test -d /main/public
RUN mkdir -p /var/log /main/public/files /main/public/media

ENV GOPATH=""
VOLUME /main/public/files
VOLUME /main/public/media
ENV COOKIE_SECRET
ENV KEY
RUN echo 'cat /main/users.yaml.gpg | gpg --batch --no-tty --passphrase="$KEY" --decrypt > /main/users.yaml && /main/exec-server "$@"' > /main/entrypoint.sh
ENTRYPOINT ["bash", "/main/entrypoint.sh"]
CMD []