VERSION 0.8

# Base targets

base-rust:
  FROM rust:bookworm
  RUN rustup component add clippy
  RUN curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C /usr/local/cargo/bin
  RUN cargo install wasm-pack wasm-bindgen-cli && rustup target add wasm32-unknown-unknown
  RUN cargo install cargo-audit
  WORKDIR /upend
  CACHE $HOME/.cargo
  COPY Cargo.toml Cargo.lock .
  COPY base/Cargo.toml base/Cargo.toml
  COPY cli/Cargo.toml cli/Cargo.toml
  COPY db/Cargo.toml db/Cargo.toml
  COPY wasm/Cargo.toml wasm/Cargo.toml
  RUN cargo fetch --locked

base-backend:
  FROM +base-rust
  COPY --dir base cli db wasm .

base-node:
  FROM node:lts-iron
  RUN npm install -g pnpm
  WORKDIR /upend
  CACHE $HOME/.local/share/pnpm
  COPY +wasmlib/pkg-web wasm/pkg-web
  COPY +wasmlib/pkg-node wasm/pkg-node
  COPY sdks/js/package.json sdks/js/pnpm-lock.yaml sdks/js/
  RUN cd sdks/js && rm -rf node_modules && pnpm install --frozen-lockfile
  COPY webui/package.json webui/pnpm-lock.yaml webui/
  RUN cd webui && rm -rf node_modules && pnpm install --frozen-lockfile
  COPY --dir webui webext .
  COPY --dir sdks/js sdks/

base-frontend:
  FROM +base-node
  COPY +jslib/dist sdks/js/dist
  WORKDIR webui
  RUN rm -rf node_modules && pnpm install --frozen-lockfile

# Intermediate targets

upend-bin:
  FROM +base-backend
  CACHE --id=rust-target target
  COPY +git-version/version.txt .
  RUN UPEND_VERSION=$(cat version.txt) cargo build --release
  RUN cp target/release/upend upend.bin
  SAVE ARTIFACT upend.bin upend

webui:
  FROM +base-frontend
  RUN pnpm build
  SAVE ARTIFACT dist

wasmlib:
  FROM --platform=linux/amd64 +base-rust
  COPY --dir base wasm .
  WORKDIR wasm
  CACHE target
  RUN wasm-pack build --target web --out-dir pkg-web && \
      wasm-pack build --target nodejs --out-dir pkg-node
  RUN sed -e 's%"name": "upend_wasm"%"name": "@upnd/wasm-web"%' -i pkg-web/package.json && \
      sed -e 's%"name": "upend_wasm"%"name": "@upnd/wasm-node"%' -i pkg-node/package.json
  SAVE ARTIFACT pkg-web
  SAVE ARTIFACT pkg-node

jslib:
  FROM +base-node
  WORKDIR sdks/js
  RUN pnpm build
  SAVE ARTIFACT dist 

webext:
  FROM +base-node
  WORKDIR webext
  RUN pnpm build
  SAVE ARTIFACT web-ext-artifacts/*.zip
  
# Final targets

appimage:
  FROM debian:bookworm
  RUN apt-get update && \
      apt-get -y install wget pipx binutils coreutils desktop-file-utils fakeroot fuse libgdk-pixbuf2.0-dev patchelf python3-pip python3-setuptools squashfs-tools strace util-linux zsync && \
      pipx ensurepath && \
      pipx install appimage-builder
  COPY +upend-bin/upend AppDir/usr/bin/upend
  COPY --dir +webui/dist AppDir/usr/share/upend/webui
  COPY assets/upend.png AppDir/usr/share/icons/upend.png
  COPY build/AppImageBuilder.yml .
  RUN sed -e "s/latest/$(./AppDir/usr/bin/upend --version | cut -d ' ' -f 2)/" -i AppImageBuilder.yml
  RUN pipx run appimage-builder
  SAVE ARTIFACT UpEnd*

appimage-signed:
  FROM alpine
  RUN apk add gpg gpg-agent
  RUN --secret GPG_SIGN_KEY echo "$GPG_SIGN_KEY" | gpg --import
  COPY +appimage/*.AppImage .
  RUN gpg --detach-sign --sign --armor *.AppImage
  SAVE ARTIFACT *.AppImage
  SAVE ARTIFACT *.asc

docker-minimal:
  FROM debian:bookworm
  RUN apt-get update && \
    apt-get -y install libssl3 ca-certificates && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*
  DO +DOCKER_COMMON
  ARG tag=trunk
  SAVE IMAGE --push upend/upend:$tag-minimal

docker:
  FROM debian:bookworm
  RUN apt-get update && \
    apt-get -y install --no-install-recommends ffmpeg wget libssl3 ca-certificates && \
    wget https://github.com/bbc/audiowaveform/releases/download/1.8.1/audiowaveform_1.8.1-1-12_amd64.deb && \
    apt-get -y install ./audiowaveform_1.8.1-1-12_amd64.deb && \
    rm -v audiowaveform_1.8.1-1-12_amd64.deb && \
    apt-get remove -y wget && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*
  DO +DOCKER_COMMON
  ARG tag=trunk
  SAVE IMAGE --push upend/upend:$tag

DOCKER_COMMON:
  FUNCTION
  COPY +upend-bin/upend /usr/bin/upend
  COPY --dir +webui/dist /usr/share/upend/webui
  ENTRYPOINT ["/usr/bin/upend"]
  CMD ["serve", "/vault", "--bind", "0.0.0.0:8093"]
  EXPOSE 8093
  ENV UPEND_NO_DESKTOP=true
  ENV UPEND_ALLOW_HOST='*'

# CI targets

lint:
  WAIT
    BUILD +lint-backend
    BUILD +lint-frontend
    BUILD +lint-jslib
  END

lint-backend:
  FROM +base-backend
  CACHE --id=rust-target target
  RUN cargo clippy --workspace

lint-frontend:
  FROM +base-frontend
  RUN pnpm check && pnpm lint
  
lint-jslib:
  FROM +base-node
  WORKDIR sdks/js
  RUN pnpm lint

audit:
  WAIT
    BUILD +audit-backend
    BUILD +audit-frontend
  END

audit-backend:
  FROM +base-backend
  CACHE --id=rust-target target
  RUN cargo audit --workspace

audit-frontend:
  FROM +base-frontend
  RUN pnpm audit

test:
  WAIT
    BUILD +test-backend
    BUILD +test-jslib
  END

test-backend:
  FROM +base-backend
  CACHE --id=rust-target target
  RUN cargo nextest run --workspace

test-jslib:
  FROM +base-node
  WORKDIR sdks/js
  RUN pnpm build && pnpm test

# Deployment targets

deploy-appimage-nightly:
  FROM alpine
  RUN apk add openssh-client
  RUN --secret SSH_CONFIG --secret SSH_UPLOAD_KEY --secret SSH_KNOWN_HOSTS \
    mkdir -p $HOME/.ssh && \
    echo "$SSH_CONFIG" > $HOME/.ssh/config && \
    echo "$SSH_UPLOAD_KEY" > $HOME/.ssh/id_rsa && \
    echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts && \
    chmod 600 $HOME/.ssh/*
  COPY +appimage-signed/* .
  RUN --push scp -v *.AppImage *.asc mainsite:releases/nightly
  
publish-js-all:
  WAIT
    BUILD +publish-js-wasm
    BUILD +publish-js-lib
  END

publish-js-lib:
  FROM +base-npm-publish
  WORKDIR /upend/sdks/js
  DO +NPM_PUBLISH --pkg_name=@upnd/upend

publish-js-wasm:
  FROM +base-npm-publish
  WORKDIR /upend/wasm/pkg-web
  DO +NPM_PUBLISH --pkg_name=@upnd/wasm-web
  WORKDIR /upend/wasm/pkg-node
  DO +NPM_PUBLISH --pkg_name=@upnd/wasm-node

base-npm-publish:
  FROM +base-node
  RUN --secret NPM_TOKEN echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > $HOME/.npmrc
  COPY +jslib/dist sdks/js/dist

NPM_PUBLISH:
  FUNCTION
  ARG pkg_name
  IF --no-cache [ "`npm view $pkg_name version`" != "`node -p \"require('./package.json').version\"`" ]
    RUN echo "Publishing $pkg_name to npm..."
    RUN --push npm publish --access public
  ELSE
    RUN echo "Nothing to do for $pkg_name."
  END

# Utility targets

git-version:
  FROM debian:bookworm
  RUN apt-get update && \
    apt-get -y install git && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*
  COPY build/get_version.sh build/get_version.sh
  COPY .git .git
  RUN ./build/get_version.sh > /tmp/upend_version.txt && cat /tmp/upend_version.txt
  SAVE ARTIFACT /tmp/upend_version.txt version.txt

changelog:
  FROM orhunp/git-cliff
  COPY .git .git
  RUN git-cliff --bump -o CHANGELOG.md
  SAVE ARTIFACT CHANGELOG.md

current-changelog:
  FROM orhunp/git-cliff
  COPY .git .git
  RUN git-cliff --current -o CHANGELOG_CURRENT.md
  SAVE ARTIFACT CHANGELOG_CURRENT.md

update-changelog:
  LOCALLY
  COPY +changelog/CHANGELOG.md .
  RUN git add CHANGELOG.md && git commit -m "release: Update CHANGELOG"
  RUN --push git push

dev-local:
  FROM debian:bookworm
  COPY +jslib/dist /js-dist
  COPY +wasmlib/pkg-web /wasm-web
  COPY +wasmlib/pkg-node /wasm-node
  SAVE ARTIFACT /js-dist AS LOCAL sdks/js/dist
  SAVE ARTIFACT /wasm-web AS LOCAL wasm/pkg-web
  SAVE ARTIFACT /wasm-node AS LOCAL wasm/pkg-node
  
dev-update-sdk:
  LOCALLY
  WORKDIR sdks/js
  RUN pnpm build
  WORKDIR webui
  RUN pnpm install