# Step 1: build all bundled programs built with Bazel
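# NOTE(review): this builder image is referenced without a tag or digest, so
# the Bazel toolchain that compiles every bundled binary can change between
# builds. The daisy image in step 3 is pinned by sha256 digest; pinning this
# one the same way would make the toolchain a fixed, auditable build input.
FROM gcr.io/cloud-builders/bazel AS bazel_builder
# Optional Bazel remote cache endpoint. Cache hits stand in for locally built
# outputs, so the cache is a trusted build input: only point this at a cache
# whose writers you control, and do not embed credentials in the value.
ARG _BUILD_TOOLS_CACHE

# COPY rather than ADD: only a plain copy of the build context is wanted here,
# and COPY never unpacks archives or fetches URLs.
COPY . /workspace
WORKDIR /workspace
# `set -e` aborts the layer on the first failing command. With bare `;`
# separators only the exit status of the final `cp` decided whether this layer
# succeeded, so a failed `bazel build` or a failed amd64 copy could go
# unnoticed and leave stale or missing binaries in _out/.
# The `$(bazel cquery ...)` substitutions are left unquoted on purpose: each
# one expands to the output path(s) of its target as separate `cp` operands.
RUN set -e; \
  bazel build \
  --remote_cache="$_BUILD_TOOLS_CACHE" \
  //src/cmd/cos_customizer:cos_customizer \
  //src/cmd/provisioner:provisioner_amd64 \
  //src/cmd/provisioner:provisioner_arm64 \
  //src/cmd/metadata_watcher:metadata_watcher_amd64 \
  //src/cmd/metadata_watcher:metadata_watcher_arm64 \
  //src/cmd/handle_disk_layout:handle_disk_layout_bin_amd64 \
  //src/cmd/handle_disk_layout:handle_disk_layout_bin_arm64 \
  @com_github_googlecloudplatform_docker_credential_gcr//:docker-credential-gcr_amd64 \
  @com_github_googlecloudplatform_docker_credential_gcr//:docker-credential-gcr_arm64; \
  mkdir -p _out/amd64; \
  cp \
    $(bazel cquery --output=files //src/cmd/cos_customizer:cos_customizer) \
    $(bazel cquery --output=files //src/cmd/provisioner:provisioner_amd64) \
    $(bazel cquery --output=files //src/cmd/metadata_watcher:metadata_watcher_amd64) \
    $(bazel cquery --output=files //src/cmd/handle_disk_layout:handle_disk_layout_bin_amd64) \
    $(bazel cquery --output=files @com_github_googlecloudplatform_docker_credential_gcr//:docker-credential-gcr_amd64) \
    _out/amd64; \
  mkdir -p _out/arm64; \
  cp \
    $(bazel cquery --output=files //src/cmd/provisioner:provisioner_arm64) \
    $(bazel cquery --output=files //src/cmd/metadata_watcher:metadata_watcher_arm64) \
    $(bazel cquery --output=files //src/cmd/handle_disk_layout:handle_disk_layout_bin_arm64) \
    $(bazel cquery --output=files @com_github_googlecloudplatform_docker_credential_gcr//:docker-credential-gcr_arm64) \
    _out/arm64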

# Step 2: build CIDATA and SCRATCH images
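# NOTE(review): the base image carries no tag or digest, so the Debian package
# set used to assemble the disk images can drift between builds. Consider
# pinning it by digest, as the daisy image in step 3 is.
FROM marketplace.gcr.io/google/debian12 AS cidata_builder

# Register arm64 as a foreign architecture so the arm64 packages can be
# downloaded later in this stage, then install the FAT image tooling.
# Chained with `&&` so a failed `apt-get update` cannot be followed by an
# install from stale or missing package indexes.
# The apt lists are kept on purpose: the `apt-get download` steps below need
# them, and only the finished .img files are copied out of this stage.
RUN dpkg --add-architecture arm64 && \
  apt-get update && \
  apt-get install -y --no-install-recommends dosfstools mtools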

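# Output in /opt/veritysetup_amd64/veritysetup_amd64.tar.gz
# The directories are listed explicitly: `{root,debs}` is a bash brace
# expansion, and RUN uses /bin/sh, which on Debian creates one literal
# directory named "{root,debs}" instead.
RUN mkdir -p /opt/veritysetup_amd64/root /opt/veritysetup_amd64/debs
WORKDIR /opt/veritysetup_amd64/debs
# Fetch (without installing) cryptsetup-bin, coreutils, tar and the shared
# libraries listed with them. The tarball built from these packages is later
# written into cidata.img.
# NOTE(review): package versions are not pinned, so the bundled binaries track
# whatever the configured apt repositories serve at build time.
RUN apt-get download \
  coreutils:amd64 \
  tar:amd64 \
  libacl1:amd64 \
  libattr1:amd64 \
  libc6:amd64 \
  libselinux1:amd64 \
  libpcre3:amd64 \
  cryptsetup-bin:amd64 \
  libblkid1:amd64 \
  libcryptsetup12:amd64 \
  libpopt0:amd64 \
  libuuid1:amd64 \
  libdevmapper1.02.1:amd64 \
  libgcrypt20:amd64 \
  libargon2-1:amd64 \
  libjson-c5:amd64 \
  libudev1:amd64 \
  libssl3:amd64 \
  libpcre2-8-0:amd64
WORKDIR /opt/veritysetup_amd64
# Unpack every package into root/ and archive the resulting tree.
# `set -e` makes a failed extraction abort the build instead of producing a
# tarball that silently lacks a library; "$f" is quoted so a file name is
# never word-split or glob-expanded.
RUN set -e; \
  for f in debs/*.deb; do dpkg-deb --extract "$f" root; done; \
  tar czf veritysetup_amd64.tar.gz -C root .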

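# Output in /opt/veritysetup_arm64/veritysetup_arm64.tar.gz
# The directories are listed explicitly: `{root,debs}` is a bash brace
# expansion, and RUN uses /bin/sh, which on Debian creates one literal
# directory named "{root,debs}" instead.
RUN mkdir -p /opt/veritysetup_arm64/root /opt/veritysetup_arm64/debs
WORKDIR /opt/veritysetup_arm64/debs
# Fetch (without installing) the arm64 builds of cryptsetup-bin, coreutils, tar
# and the shared libraries listed with them. The tarball built from these
# packages is later written into cidata.img.
# NOTE(review): package versions are not pinned, so the bundled binaries track
# whatever the configured apt repositories serve at build time.
RUN apt-get download \
  coreutils:arm64 \
  tar:arm64 \
  libacl1:arm64 \
  libattr1:arm64 \
  libc6:arm64 \
  libselinux1:arm64 \
  libpcre3:arm64 \
  cryptsetup-bin:arm64 \
  libblkid1:arm64 \
  libcryptsetup12:arm64 \
  libpopt0:arm64 \
  libuuid1:arm64 \
  libdevmapper1.02.1:arm64 \
  libgcrypt20:arm64 \
  libargon2-1:arm64 \
  libjson-c5:arm64 \
  libudev1:arm64 \
  libssl3:arm64 \
  libpcre2-8-0:arm64
WORKDIR /opt/veritysetup_arm64
# Unpack every package into root/ and archive the resulting tree.
# `set -e` makes a failed extraction abort the build instead of producing a
# tarball that silently lacks a library; "$f" is quoted so a file name is
# never word-split or glob-expanded.
RUN set -e; \
  for f in debs/*.deb; do dpkg-deb --extract "$f" root; done; \
  tar czf veritysetup_arm64.tar.gz -C root .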

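# Output in /opt/cidata/cidata.img
# WORKDIR creates /opt/cidata and the COPY instructions create deps/, so no
# separate mkdir layer is needed.
WORKDIR /opt/cidata
COPY --from=bazel_builder /workspace/src/data/startup.yaml deps/user-data
COPY --from=bazel_builder /workspace/_out/amd64 deps/amd64
COPY --from=bazel_builder /workspace/_out/arm64 deps/arm64
# mkfs.fat block-count value for CIDATA is set to 3906000 KiB (about 4 GB) in
# order to add support for the hyperdisk disk type, which requires a 4 GB
# minimum disk size.
# `set -e` stops at the first failed command. Previously only the last `mcopy`
# decided the layer's exit status, so an image missing user-data, a
# provisioner or a credential helper could still be published.
RUN set -e; \
  mkfs.fat -n CIDATA -S 512 -s 8 -C cidata.img 3906000; \
  touch meta-data; \
  mcopy -i cidata.img deps/user-data ::/user-data; \
  mcopy -i cidata.img meta-data ::/meta-data; \
  mcopy -i cidata.img deps/amd64/provisioner_amd64 ::/provisioner_amd64; \
  mcopy -i cidata.img deps/arm64/provisioner_arm64 ::/provisioner_arm64; \
  mcopy -i cidata.img deps/amd64/metadata_watcher_amd64 ::/metadata_watcher_amd64; \
  mcopy -i cidata.img deps/arm64/metadata_watcher_arm64 ::/metadata_watcher_arm64; \
  mcopy -i cidata.img deps/amd64/docker-credential-gcr_amd64 ::/docker-credential-gcr_amd64; \
  mcopy -i cidata.img deps/arm64/docker-credential-gcr_arm64 ::/docker-credential-gcr_arm64; \
  mcopy -i cidata.img deps/amd64/handle_disk_layout_bin_amd64 ::/handle_disk_layout_bin_amd64; \
  mcopy -i cidata.img deps/arm64/handle_disk_layout_bin_arm64 ::/handle_disk_layout_bin_arm64; \
  mcopy -i cidata.img /opt/veritysetup_amd64/veritysetup_amd64.tar.gz ::/veritysetup_amd64.tar.gz; \
  mcopy -i cidata.img /opt/veritysetup_arm64/veritysetup_arm64.tar.gz ::/veritysetup_arm64.tar.gz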

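# Output in /opt/scratch/scratch.img
# WORKDIR creates /opt/scratch, so no separate mkdir layer is needed.
WORKDIR /opt/scratch
# Build a 512M ext4 image labelled SCRATCH. `tune2fs -c0 -i0` turns off the
# mount-count and time-interval triggers for forced filesystem checks.
# `set -e` stops at the first failure so a half-initialised image is never
# copied into the final stage.
RUN set -e; \
  fallocate -l 512M scratch.img; \
  mkfs.ext4 scratch.img; \
  tune2fs -c0 -i0 scratch.img; \
  e2label scratch.img SCRATCH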

# Step 3: build the cos-customizer container image
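# daisy is pinned by digest, so the exact binary copied below is fixed.
FROM gcr.io/compute-image-tools/daisy@sha256:72b5e15f9c8001aea0013213dd897f2c5fbfeba2c23a9c561573d52b4da1b03c AS daisy
# NOTE(review): unlike daisy, the runtime base image has no tag or digest, so
# the shipped OS layer can change between builds. Consider pinning it too.
FROM marketplace.gcr.io/google/debian12

# Install the runtime tools and drop the apt package indexes in the same
# layer, so they add neither size nor stale metadata to the published image.
RUN apt-get update && apt-get install -y --no-install-recommends \
  ca-certificates \
  mtools \
  tar \
  && rm -rf /var/lib/apt/lists/*
RUN mkdir -p /tmp /workspace
COPY --from=bazel_builder /workspace/src/data /data
COPY --from=bazel_builder /workspace/_out/amd64/cos_customizer /cos_customizer
COPY --from=daisy /daisy /daisy
COPY --from=cidata_builder /opt/cidata/cidata.img /cidata.img
COPY --from=cidata_builder /opt/scratch/scratch.img /scratch.img
# NOTE(review): no USER is set, so /cos_customizer runs as root inside the
# container. Confirm whether the tool needs root (for example to write into a
# mounted /workspace) before switching to a dedicated non-root user.
ENTRYPOINT ["/cos_customizer"]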
