# checkov:skip=CKV_DOCKER_3 If its good enough for upstream postgres, its good enough for me.
ARG PGSQL_VERSION
FROM postgres:$PGSQL_VERSION-alpine AS postgres

LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
      org.label-schema.vcs-url="https://github.com/benzine-framework/docker-s3db" \
      org.opencontainers.image.source="https://github.com/benzine-framework/docker-s3db"

RUN apk add --no-cache runit && \
    apk --no-cache --repository https://dl-cdn.alpinelinux.org/alpine/edge/main add \
      icu-libs \
      &&\
    apk --no-cache --repository https://dl-cdn.alpinelinux.org/alpine/edge/community add \
    # Current packages don't exist in other repositories
    libavif \
    && \
    apk \
        --no-cache \
        --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing/ \
        #--allow-untrusted \
        add \
            # Packages \
            gnu-libiconv \
            nano \
            curl \
            tini \
            php83 \
            php83-dev \
            php83-common \
            php83-gd \
            php83-xmlreader \
            php83-bcmath \
            php83-ctype \
            php83-curl \
            php83-exif \
            php83-iconv \
            php83-intl \
            php83-mbstring \
            php83-opcache \
            php83-openssl \
            php83-pcntl \
            php83-phar \
            php83-session \
            php83-xml \
            php83-xsl \
            php83-zip \
            php83-zlib \
            php83-dom \
            php83-fpm \
            php83-sodium \
            php83-tokenizer \
            php83-fileinfo \
            php83-simplexml \
            # Iconv Fix
            php83-pecl-apcu \
            ncurses \
            xz \
    && ln -sf /usr/bin/php83 /usr/bin/php
RUN curl https://getcomposer.org/composer-stable.phar --output /usr/local/bin/composer && \
    chmod +x /usr/local/bin/composer
COPY start.sh /usr/local/bin/start.sh
COPY postgres.runit /etc/service/postgres/run
COPY sync-pull.runit /etc/service/sync-pull/run
COPY sync-push.runit /etc/service/sync-push/run
COPY sync-prune.runit /etc/service/sync-prune/run
VOLUME /dumps
WORKDIR /sync
COPY composer.* /sync/
RUN composer install
COPY syncer /sync/syncer
COPY sync /sync/sync
COPY start.sh /sync/start.sh
COPY postgres_healthcheck.sh /usr/local/bin/postgres_healthcheck
ENV PATH="/sync:${PATH}"
RUN ln -s /sync/vendor/bin/wait-for-postgresql /usr/local/bin/wait-for-database && \
    chmod +x /sync/sync /etc/service/*/run /usr/local/bin/postgres_healthcheck
ENTRYPOINT ["/bin/bash", "/sync/start.sh"]
CMD []
HEALTHCHECK --start-period=30s \
    CMD /usr/local/bin/postgres_healthcheck
STOPSIGNAL SIGTERM