# syntax=docker/dockerfile:experimental
# Test image that starts up containerd and the devmapper snapshotter. The default CMD will drop to a bash shell. Overrides
# to CMD will be provided appended to /bin/bash -c
FROM golang:1.17-bullseye
ENV PATH="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/go/bin"
ENV INSTALLROOT="/usr/local"
ENV DEBIAN_FRONTEND="noninteractive"

ARG FIRECRACKER_TARGET=x86_64-unknown-linux-musl
ENV FICD_LOG_DIR="/var/log/firecracker-containerd-test"
ENV FICD_CONTAINERD_OUTFILE="${FICD_LOG_DIR}/containerd.out"

RUN apt-get update && apt-get install --yes --no-install-recommends \
  build-essential \
  ca-certificates \
  curl \
  git \
  iptables \
  iperf3 \
  libdevmapper-dev \
  libseccomp-dev \
  tcpdump \
  iproute2 \
  rng-tools # used for rngtest

RUN mkdir -p \
  /var/run/firecracker-containerd \
  /src \
  /srv/firecracker_containerd_tests \
  ${FICD_LOG_DIR} \
  /etc/cni/net.d

# Install containerd to have runc shim.
ENV CTRD_VERSION="1.6.8"
RUN ARCH=`go env GOARCH` && \
	wget --quiet -O- https://github.com/containerd/containerd/releases/download/v$CTRD_VERSION/containerd-$CTRD_VERSION-linux-${ARCH}.tar.gz | tar zxf - -C /tmp/ && \
  install -D -o root -g root -m755 -t /usr/local/bin /tmp/bin/containerd-shim-runc-v2 && \
  rm -rf /tmp/bin

# Install critest.
ENV CRITEST_VERSION="1.23.0"
RUN ARCH=`go env GOARCH` && \
  wget --quiet -O- https://github.com/kubernetes-sigs/cri-tools/releases/download/v$CRITEST_VERSION/critest-v$CRITEST_VERSION-linux-${ARCH}.tar.gz | tar zxf - -C /tmp/ && \
  install -D -o root -g root -m755 -t /usr/local/bin /tmp/critest && \
  rm -f /tmp/critest

# Pull the images the tests need into the content store so we don't need internet
# access during the tests themselves. This runs as a seperate step before the other
# installs so we can minimize re-runs of the time-expensive downloading of images.
COPY tools/docker/config.toml /etc/containerd/config.toml
COPY tools/docker/do_not_edit_for_firecracker-control.config.json /etc/containerd/firecracker-runtime.json
COPY tools/demo/fcnet.conflist /etc/cni/net.d/10-fcnet.conflist

RUN --mount=type=bind,target=/src \
  make -C /src install && \
  ln -sv /usr/local/bin/firecracker-containerd /usr/local/bin/containerd && \
  ln -sv /usr/local/bin/firecracker-ctr /usr/local/bin/ctr

RUN containerd 2>/dev/null & \
  ctr --address /run/firecracker-containerd/containerd.sock content fetch docker.io/library/alpine:3.10.1 >/dev/null && \
  ctr --address /run/firecracker-containerd/containerd.sock content fetch docker.io/mlabbe/iperf3:3.6-r0 >/dev/null && \
  ctr --address /run/firecracker-containerd/containerd.sock content fetch docker.io/library/postgres:14.3 >/dev/null

ADD bin/firecracker /usr/local/bin

# Install everything we need in this image. Due to the bind-mount, if the host has already
# up-to-date versions of everything built, this step will be a very quick copy
RUN --mount=type=bind,target=/src make -C /src \
  install \
  install-runc \
  install-kernel \
  install-default-rootfs \
  install-default-runc-jailer-config \
  install-test-cni-bins \
  install-test-rootfs \
  install-stargz-rootfs \
  demo-network

RUN --mount=type=bind,target=/src make -C /src/snapshotter install

COPY tools/docker/entrypoint.sh /entrypoint
ENTRYPOINT ["/entrypoint"]
CMD ["exec /bin/bash"]