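# Sidecar
# The container needs to provide and build two components:
# * barman-cloud
# * instance plugin
# Both components are built before going into a distroless container.
#
# NOTE(review): the three base images below are referenced by tag only. Tags
# are mutable, so pinning each FROM by digest (image:tag@sha256:<digest>) would
# make rebuilds reproducible and make an upstream image change visible in review.

# Build the manager binary
FROM --platform=$BUILDPLATFORM golang:1.25.6 AS gobuilder
ARG TARGETOS
ARG TARGETARCH

WORKDIR /workspace

# Make the Go cache locations explicit; they are the targets of the cache
# mounts used by the RUN steps below.
ENV GOCACHE=/root/.cache/go-build \
    GOMODCACHE=/go/pkg/mod

# Copy the Go Modules manifests
# NOTE(review): the leading "../" is kept exactly as written; COPY sources
# cannot leave the build context, so these presumably resolve from the context
# root. Confirm against the build invocation.
COPY ../go.mod go.mod
COPY ../go.sum go.sum

# Download dependencies before copying the source so that source changes do not
# trigger a new download. The module cache is a cache mount here as well as in
# the build step: a cache mount hides whatever an earlier layer stored at the
# same path, so modules downloaded into a plain layer would not be visible to
# "go build" below.
# "go mod download" checks fetched modules against go.sum; modules already in
# the cache are not re-verified unless "go mod verify" is run, and cache mounts
# persist on the build host, so the builder itself has to be trusted.
RUN --mount=type=cache,target=/go/pkg/mod \
    go mod download

# Copy the go source
COPY ../cmd/manager/main.go cmd/manager/main.go
COPY ../api/ api/
COPY ../internal/ internal/

# Build
# GOARCH has no default value, so the binary is built for the platform the
# build was requested for. For example, "make docker-build" on an Apple Silicon
# host yields linux/arm64, and on an x86 Apple host linux/amd64. Leaving it
# unset here keeps the container and the binary shipped in it on the same
# platform.
RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build \
    CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/manager/main.go

# Build Python virtualenv with all dependencies
# Using virtualenv ensures bytecode is compiled with correct timestamps
FROM debian:trixie-slim AS pythonbuilder

WORKDIR /build

# Install postgresql-common and setup pgdg repository first
RUN apt-get update && \
    apt-get install -y --no-install-recommends postgresql-common && \
    /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y

# Install build dependencies
# After pgdg repo setup, this ensures we get updated versions from apt.postgresql.org.
# The apt lists are deliberately left in place: the apt-cache / apt-get download
# step further down needs them, and this stage is not shipped.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        build-essential \
        liblz4-dev \
        libpq-dev \
        libsnappy-dev \
        python3 \
        python3-dev \
        python3-venv

# Copy requirements
COPY containers/sidecar-requirements.txt .

# Create virtualenv and install dependencies
# The whole /venv tree is copied into the final image, so everything installed
# here ships with the sidecar, including the unpinned pip/setuptools/wheel.
# NOTE(review): if sidecar-requirements.txt carries hashes, installing it with
# --require-hashes would reject any package whose content differs from the
# lockfile. Its contents are not visible from this file; confirm before enabling.
RUN python3 -m venv /venv && \
    /venv/bin/pip install --no-cache-dir --upgrade pip setuptools wheel && \
    /venv/bin/pip install --no-cache-dir -r sidecar-requirements.txt

# Download and extract runtime library packages and their dependencies
# Using apt-cache to automatically resolve dependencies, filtering out packages
# already present in the distroless base image.
# Distroless package list from: https://github.com/GoogleContainerTools/distroless/blob/main/base/config.bzl
# and https://github.com/GoogleContainerTools/distroless/blob/main/python3/config.bzl
#
# Two guards protect the final image:
# * "test -s" stops the build when the exclusion list is empty. /bin/sh only
#   reports the last command of a pipeline and stderr is discarded, so a failed
#   apt-cache lookup is otherwise invisible; with an empty exclusion list
#   nothing is filtered out and copies of libc6 and the other base packages
#   would be extracted and later overlaid on the distroless image's /usr/lib.
# * "|| exit 1" in the loop stops the build on the first package that fails to
#   extract; a bare for-loop reports only the status of its last iteration.
WORKDIR /build/downloads
RUN mkdir -p /dependencies && \
    DISTROLESS_PACKAGES="libc6 libssl3t64 libzstd1 zlib1g libgcc-s1 libstdc++6 \
        libbz2-1.0 libdb5.3t64 libexpat1 liblzma5 libsqlite3-0 libuuid1 \
        libncursesw6 libtinfo6 libcom-err2 libcrypt1 libgssapi-krb5-2 \
        libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libnsl2 \
        libreadline8t64 libtirpc3t64 libffi8 libpython3.13-minimal \
        libpython3.13-stdlib python3.13-minimal python3.13-venv" && \
    apt-cache depends --recurse --no-recommends --no-suggests \
        --no-conflicts --no-breaks --no-replaces --no-enhances \
        $DISTROLESS_PACKAGES 2>/dev/null | grep "^\w" | sort -u > /tmp/distroless.txt && \
    test -s /tmp/distroless.txt && \
    apt-cache depends --recurse --no-recommends --no-suggests \
        --no-conflicts --no-breaks --no-replaces --no-enhances \
        libpq5 liblz4-1 libsnappy1v5 2>/dev/null | grep "^\w" | sort -u | \
        grep -v -F -x -f /tmp/distroless.txt > /tmp/packages.txt && \
    apt-get download $(cat /tmp/packages.txt) && \
    for deb in *.deb; do \
        dpkg -x "$deb" /dependencies || exit 1; \
    done

# Final sidecar image
# Using distroless base for minimal size and less extra packages
FROM gcr.io/distroless/python3-debian13:nonroot

ENV SUMMARY="CloudNativePG Barman plugin" \
    DESCRIPTION="Container image that provides the barman-cloud sidecar" \
    PATH="/venv/bin:$PATH"

LABEL summary="$SUMMARY" \
      description="$DESCRIPTION" \
      io.k8s.display-name="$SUMMARY" \
      io.k8s.description="$DESCRIPTION" \
      name="CloudNativePG Barman plugin sidecar" \
      vendor="CloudNativePG Contributors" \
      url="https://cloudnative-pg.io/" \
      version="" \
      release="1"

# Copy virtualenv with pre-compiled bytecode
# No --chown is given, so the tree stays root-owned and the runtime user below
# cannot rewrite the Python code it executes.
COPY --from=pythonbuilder /venv /venv

# Copy runtime libraries from extracted packages
# Only the usr/lib subtree of the extracted packages is shipped. The libraries
# sit under the multiarch directory of the target platform (for example
# /usr/lib/x86_64-linux-gnu on amd64), so the copy is not tied to one
# architecture.
COPY --from=pythonbuilder /dependencies/usr/lib /usr/lib

# Copy Go manager binary
COPY --from=gobuilder /workspace/manager /manager

# Compile all Python bytecode as root to avoid runtime compilation
# Exec form is required because the distroless image has no shell. The
# /usr/lib/python3.13 path is tied to the Python version of the base image and
# must be updated together with it.
USER 0:0
RUN ["/venv/bin/python3", "-m", "compileall", "-q", "/usr/lib/python3.13", "/venv"]

# Drop root again for runtime. A numeric UID:GID lets the container runtime
# verify the non-root identity without a passwd lookup.
# NOTE(review): 26:26 presumably matches the postgres user of the CloudNativePG
# instance containers. Confirm against the operator's security context.
USER 26:26

ENTRYPOINT ["/manager"]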