ARG TAG=latest
FROM docker.io/library/debian:trixie AS build

# create a sandbox user for the build (in ~builder) and install (in /opt)
# give it permissions to the build dir and home
# upgrade everything
# add dependencies, as specified by the Sequoia README.md file
RUN groupadd builder && \
    useradd --no-log-init --create-home --gid builder builder && \
    apt-get update && \
    apt-get upgrade --assume-yes && \
    apt-get install --assume-yes --no-install-recommends \
        ca-certificates \
        capnproto \
        cargo \
        git \
        libclang-dev \
        libsqlite3-dev \
        libssl-dev \
        make \
        nettle-dev \
        pkg-config \
        rustc \
        && \
    apt-get clean && \
    chown builder /opt

COPY --chown=builder:builder . /home/builder/sequoia

# switch to the sandbox user
USER builder
WORKDIR /home/builder/sequoia

RUN cargo install --locked --path .

FROM docker.io/library/debian:trixie-slim
COPY --from=build /home/builder/.cargo/bin/sq-git /usr/bin/sq-git

RUN apt-get update -y -qq && \
    apt-get install -y -qq --no-install-recommends \
        ca-certificates \
        libsqlite3-0 \
	libssl3 \
	git && \
    apt-get clean && \
    rm -fr /var/lib/lists/* /var/cache/* /usr/share/doc/* /usr/share/locale/*

COPY ./scripts/*.sh /usr/sbin/

CMD ["/usr/bin/sq-git", "--help"]
