# Container Name:: nodejs
# Copyright (c) 2019 Twitch, All Rights Reserved.

FROM ecr.clients.internal.justin.tv/alpine:3.9.0-1 as keyed-base

ARG SIGNING_KEYS="4ED778F539E3634C779C87C6D7062848A1AB005C \
                  94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
                  1C050899334244A8AF75E53792EF661D867B9DFA \
                  71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
                  8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
                  C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
                  C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
                  DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
                  A48C2BEE680E841632CD4E44F07496B3EB3C1762 \
                  108F52B48DB57BB0CC439B2997B01419BD92F80A \
                  B9E2F5981AA6E0CD28160D9FF13993A75599653C"

ARG BUILD_PACKAGES="gnupg"

RUN mkdir ~/.gnupg &&\
    echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf &&\
    chmod 700 ~/.gnupg

RUN apk add --no-cache -U $BUILD_PACKAGES && \
    gpg --batch --keyserver hkps.pool.sks-keyservers.net --recv-keys $SIGNING_KEYS || \
    gpg --batch --keyserver na.pool.sks-keyservers.net --recv-keys $SIGNING_KEYS || \
    gpg --batch --keyserver ipv4.pool.sks-keyservers.net --recv-keys $SIGNING_KEYS || \
    gpg --batch --keyserver pool.sks-keyservers.net --recv-keys $SIGNING_KEYS || \
    gpg --batch --keyserver 80.sks-keyservers.net:80 --recv-keys $SIGNING_KEYS && \
    apk --no-cache del $BUILD_PACKAGES

FROM keyed-base

ONBUILD RUN apk upgrade --no-cache -U && \
            update-ca-certificates

ENV NPM_CONFIG_LOGLEVEL info
ENV NODE_VERSION 14.15.0

ARG BUILD_PACKAGES="binutils-gold curl g++ gcc gnupg libgcc linux-headers make python"
ARG RUNTIME_PACKAGES="libstdc++"

WORKDIR /tmp/nodejs
ADD stack-fix.c /tmp/nodejs

RUN addgroup -g 1000 node && \
    adduser -u 1000 -G node -s /bin/sh -D node && \
    apk add --no-cache -U $BUILD_PACKAGES $RUNTIME_PACKAGES && \
    gcc  -shared -fPIC /tmp/nodejs/stack-fix.c -o /lib/stack-fix.so && \
    curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" && \
    curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" && \
    gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc && \
    grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - && \
    tar -xf "node-v$NODE_VERSION.tar.xz" && \
    cd "node-v$NODE_VERSION" && \
    ./configure && \
    make -j$(getconf _NPROCESSORS_ONLN) && \
    make install && \
    rm -rf /tmp/nodejs && \
    apk --no-cache del $BUILD_PACKAGES

ENV LD_PRELOAD /lib/stack-fix.so
