ARG BUILD_PLATFORM="linux/amd64"
ARG BUILDER_IMAGE="golang:1.19"
ARG BASE_IMAGE="gcr.io/distroless/base-debian11"
FROM --platform=$BUILD_PLATFORM $BUILDER_IMAGE as builder

WORKDIR /
COPY . ./

RUN apt-get update && apt install unzip

# Get notation binary
ARG NOTATION_LINK="https://github.com/notaryproject/notation/releases/download/v1.0.0-rc.7/notation_1.0.0-rc.7_linux_amd64.tar.gz"
ARG NOTATION_FILE="notation_1.0.0-rc.7_linux_amd64.tar.gz"
RUN wget -O ${NOTATION_FILE} ${NOTATION_LINK} \
 && tar -xzf ${NOTATION_FILE} \
 && rm ${NOTATION_FILE}

# Get Signer plugin binary
ARG SIGNER_BINARY_LINK="https://d2hvyiie56hcat.cloudfront.net/linux/amd64/plugin/latest/notation-aws-signer-plugin.zip"
ARG SIGNER_ZIP_FILE="notation-aws-signer-plugin.zip"
RUN wget -O ${SIGNER_ZIP_FILE} ${SIGNER_BINARY_LINK}
ARG SIGNER_BINARY_FILE="notation-com.amazonaws.signer.notation.plugin"
RUN unzip -o ${SIGNER_ZIP_FILE}

# Get Signer cert
ARG SIGNER_CERT_LINK="https://d2hvyiie56hcat.cloudfront.net/aws-signer-notation-root.cert"
ARG SIGNER_CERT_FILE="aws-signer-notation-root.cert"
RUN wget -O ${SIGNER_CERT_FILE} ${SIGNER_CERT_LINK}

# Disable default GOPROXY
RUN go env -w GOPROXY=direct
# Build Go binary
RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ./cmd/init/main.go

FROM amd64/amazonlinux:2.0.20230207.0
RUN yum install tree -y
WORKDIR /

# Notation home
ENV XDG_CONFIG_HOME=/verify

COPY --from=builder notation notation
COPY --from=builder aws-signer-notation-root.cert signer/aws-signer-notation-root.cert
COPY --from=builder notation-com.amazonaws.signer.notation.plugin signer/notation-com.amazonaws.signer.notation.plugin
COPY --from=builder main main
ENTRYPOINT ["/main"]