ARG ALPINE_VERSION=3.23
FROM alpine:${ALPINE_VERSION}

ARG BUILDER_UID=1000
ARG BUILDER_GID=1000

RUN apk add --no-cache \
    abuild-rootbld \
    alpine-sdk \
    atools-apkbuild-lint \
    bash \
    ca-certificates \
    doas \
    git \
    sudo

RUN addgroup -g "${BUILDER_GID}" builder \
  && adduser -D -u "${BUILDER_UID}" -G builder builder \
  && addgroup builder abuild \
  && addgroup builder wheel \
  && mkdir -p \
    /var/cache/distfiles \
    /home/builder/.cache/cargo \
    /home/builder/.cache/cargo-target \
    /home/builder/.cache/rustup \
    /home/builder/packages \
  && chgrp abuild /var/cache/distfiles /home/builder/packages \
  && chmod g+w /var/cache/distfiles /home/builder/packages \
  && chown -R builder:builder /home/builder/.cache \
  && printf 'permit nopass :wheel\n' > /etc/doas.d/wheel.conf \
  && printf '%%wheel ALL=(ALL) NOPASSWD: ALL\n' > /etc/sudoers.d/wheel

COPY scripts/apk/container-entrypoint.sh /usr/local/bin/alpine-package-entrypoint
RUN chmod +x /usr/local/bin/alpine-package-entrypoint

USER builder
WORKDIR /work
ENTRYPOINT ["/usr/local/bin/alpine-package-entrypoint"]
