# syntax=docker/dockerfile:latest

#######################################################################
# Copyright (c) 2024 Huawei Technologies Co., Ltd.
# openFuyao is licensed under Mulan PSL v2.
# You can use this software according to the terms and conditions of the Mulan PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
#          http://license.coscl.org.cn/MulanPSL2
# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
# See the Mulan PSL v2 for more details.
#######################################################################

# Builder image selection. Declared as global ARGs so the base image and its
# version can be overridden at build time, e.g. --build-arg BUILDER_VERSION=1.25.1.
ARG BUILDER=golang
ARG BUILDER_VERSION=1.25.0
ARG BUILDER_IMAGE=cr.openfuyao.cn/openfuyao/builder/$BUILDER:$BUILDER_VERSION

# buildx multi-arch target platform (auto-provided by buildx).
ARG TARGETPLATFORM

# Version stamping. Stamped into the GIE version package via GOLDFLAGS below.
ARG COMMIT_SHA
ARG BUILD_REF=unknown

# Build inputs consumed by the builder's ONBUILD directives. Declared as global
# ARGs so the same-named stage ARGs (declared without defaults by the builder
# image) pick these values up.
#   SRC: copied into the builder's GOPATH src tree via ONBUILD "COPY ${SRC} .".
#        Must be "." (whole context): the onbuild always copies into ".", so any
#        narrower value would flatten the directory layout.
#   PKG: Go package built into /go/bin/app by ONBUILD "go build ${PKG}".
ARG SRC=.
ARG PKG=./cmd/epp

# ldflags appended to the builder's hardened static-pie link flags. CommitSHA and
# BuildRef are injected into the GIE version package read by the epp runner.
ARG GOLDFLAGS="-X sigs.k8s.io/gateway-api-inference-extension/version.CommitSHA=${COMMIT_SHA} -X sigs.k8s.io/gateway-api-inference-extension/version.BuildRef=${BUILD_REF}"

# The openfuyao builder image carries ONBUILD triggers that wire up the toolchain
# (CGO enabled, static-pie, osusergo/netgo, trimpath), COPY the source, and run
# "go build" producing /go/bin/app. CGO is left at the builder default so its
# "-linkmode=external -static-pie" link flags apply; the result is a static binary.
FROM $BUILDER_IMAGE AS build

FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
WORKDIR /app

COPY --from=build /go/bin/app /app/epp

USER 65532:65532

# expose gRPC, health and metrics ports
EXPOSE 9002 9003 9090

ENTRYPOINT ["/app/epp"]