# Build stage
FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
ARG BUILD_CONFIGURATION=Release
WORKDIR /src

# Copy Common project
COPY ["src/LiquidCode.Tester.Common/LiquidCode.Tester.Common.csproj", "src/LiquidCode.Tester.Common/"]

# Copy Worker project
COPY ["src/LiquidCode.Tester.Worker/LiquidCode.Tester.Worker.csproj", "src/LiquidCode.Tester.Worker/"]

# Restore dependencies
RUN dotnet restore "src/LiquidCode.Tester.Worker/LiquidCode.Tester.Worker.csproj"

# Copy all source files
COPY . .

# Build
WORKDIR "/src/src/LiquidCode.Tester.Worker"
RUN dotnet build "./LiquidCode.Tester.Worker.csproj" -c $BUILD_CONFIGURATION -o /app/build

# Publish stage
FROM build AS publish
ARG BUILD_CONFIGURATION=Release
RUN dotnet publish "./LiquidCode.Tester.Worker.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false

# Final stage - use aspnet runtime with all compilers
FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS final
WORKDIR /app

# Install compilers and runtimes for all supported languages
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    # C++ compiler and build tools
    g++ \
    gcc \
    make \
    # Java Development Kit and Runtime
    openjdk-17-jdk \
    # Python
    python3 \
    python3-pip \
    # Kotlin compiler
    wget \
    unzip \
    && wget -q https://github.com/JetBrains/kotlin/releases/download/v1.9.20/kotlin-compiler-1.9.20.zip -O /tmp/kotlin.zip \
    && unzip -q /tmp/kotlin.zip -d /opt \
    && rm /tmp/kotlin.zip \
    && ln -s /opt/kotlinc/bin/kotlinc /usr/local/bin/kotlinc \
    && ln -s /opt/kotlinc/bin/kotlin /usr/local/bin/kotlin \
    # Cleanup
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Install Mono for C# compilation (csc)
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    ca-certificates \
    gnupg \
    && gpg --homedir /tmp --no-default-keyring --keyring /usr/share/keyrings/mono-official-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF \
    && echo "deb [signed-by=/usr/share/keyrings/mono-official-archive-keyring.gpg] https://download.mono-project.com/repo/debian stable-buster main" | tee /etc/apt/sources.list.d/mono-official-stable.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends mono-devel \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Install Isolate sandbox for secure code execution
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    git \
    libcap-dev \
    libsystemd-dev \
    pkg-config \
    && git clone https://github.com/ioi/isolate.git /tmp/isolate \
    && cd /tmp/isolate \
    && make isolate \
    && make install \
    && rm -rf /tmp/isolate \
    && apt-get remove -y git \
    && apt-get autoremove -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Create unprivileged user for running the worker service
RUN useradd -m -u 1001 -s /bin/bash workeruser && \
    mkdir -p /var/local/lib/isolate && \
    chmod 755 /var/local/lib/isolate && \
    chown -R workeruser:workeruser /var/local/lib/isolate

# Configure isolate directories (defaults in isolate binary already match these paths)
# The binary falls back to /var/local/lib/isolate for boxes and /sys/fs/cgroup for cgroups,
# so no explicit config file is required here.

# Copy published app
COPY --from=publish /app/publish .

# Create temp directory for compilation and testing with proper permissions
RUN mkdir -p /tmp/testing && \
    chown -R workeruser:workeruser /tmp/testing && \
    chown -R workeruser:workeruser /app

ENV ASPNETCORE_URLS=http://+:8080

# Switch to unprivileged user
USER workeruser

ENTRYPOINT ["dotnet", "LiquidCode.Tester.Worker.dll"]