# 基于 Ubuntu 24.04
FROM ubuntu:24.04

# 切换到 root 用户
USER root

# 安装必要依赖
RUN apt-get update && \
    apt-get install -y wget supervisor net-tools inetutils-ping vim ca-certificates passwd && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

# 设置 Alertmanager 版本（与本地离线包保持一致）
ARG ALERTMANAGER_VERSION=0.28.1
ARG ALERTMANAGER_ARCH=amd64

# 使用仓库内预置的离线包构建（无需联网）
COPY src/alert/alertmanager/build/alertmanager-${ALERTMANAGER_VERSION}.linux-${ALERTMANAGER_ARCH}.tar.gz /tmp/
RUN tar xvf /tmp/alertmanager-${ALERTMANAGER_VERSION}.linux-${ALERTMANAGER_ARCH}.tar.gz -C /tmp && \
    mv /tmp/alertmanager-${ALERTMANAGER_VERSION}.linux-${ALERTMANAGER_ARCH} /usr/local/alertmanager && \
    rm -f /tmp/alertmanager-${ALERTMANAGER_VERSION}.linux-${ALERTMANAGER_ARCH}.tar.gz

ENV ALERTMANAGER_BASE_PATH=/private/argus/alert/alertmanager

ARG ARGUS_BUILD_UID=2133
ARG ARGUS_BUILD_GID=2015
ENV ARGUS_BUILD_UID=${ARGUS_BUILD_UID}
ENV ARGUS_BUILD_GID=${ARGUS_BUILD_GID}

RUN mkdir -p /usr/share/alertmanager && \
    mkdir -p ${ALERTMANAGER_BASE_PATH} && \
    mkdir -p /private/argus/etc && \
    rm -rf /alertmanager && \
    ln -s ${ALERTMANAGER_BASE_PATH} /alertmanager

# 确保 ubuntu 账户存在并使用 ARGUS_BUILD_UID/GID
RUN set -eux; \
    # 确保存在目标 GID 的组；若不存在则优先尝试将 ubuntu 组改为该 GID，否则创建新组
    if getent group "${ARGUS_BUILD_GID}" >/dev/null; then \
      :; \
    else \
      if getent group ubuntu >/dev/null; then \
        groupmod -g "${ARGUS_BUILD_GID}" ubuntu || true; \
      else \
        groupadd -g "${ARGUS_BUILD_GID}" ubuntu || groupadd -g "${ARGUS_BUILD_GID}" argus || true; \
      fi; \
    fi; \
    # 创建或调整 ubuntu 用户
    if id ubuntu >/dev/null 2>&1; then \
      # 设置主组为目标 GID（可用 GID 数字指定）
      usermod -g "${ARGUS_BUILD_GID}" ubuntu || true; \
      # 若目标 UID 未被占用，则更新 ubuntu 的 UID
      if [ "$(id -u ubuntu)" != "${ARGUS_BUILD_UID}" ] && ! getent passwd "${ARGUS_BUILD_UID}" >/dev/null; then \
        usermod -u "${ARGUS_BUILD_UID}" ubuntu || true; \
      fi; \
    else \
      useradd -m -s /bin/bash -u "${ARGUS_BUILD_UID}" -g "${ARGUS_BUILD_GID}" ubuntu || true; \
    fi; \
    # 调整关键目录属主为 ubuntu UID/GID
    chown -R "${ARGUS_BUILD_UID}:${ARGUS_BUILD_GID}" /usr/share/alertmanager /alertmanager ${ALERTMANAGER_BASE_PATH} /private/argus/etc /usr/local/bin || true

# 配置内网 apt 源 (如果指定了内网选项)
RUN if [ "$USE_INTRANET" = "true" ]; then \
        echo "Configuring intranet apt sources..." && \
        cp /etc/apt/sources.list /etc/apt/sources.list.bak && \
        echo "deb [trusted=yes] http://10.68.64.1/ubuntu2204/ jammy main" > /etc/apt/sources.list && \
        echo 'Acquire::https::Verify-Peer "false";' > /etc/apt/apt.conf.d/99disable-ssl-check && \
        echo 'Acquire::https::Verify-Host "false";' >> /etc/apt/apt.conf.d/99disable-ssl-check; \
    fi


# 配置部署时使用的 apt 源
RUN if [ "$USE_INTRANET" = "true" ]; then \
    echo "deb [trusted=yes] https://10.92.132.52/mirrors/ubuntu2204/ jammy main" > /etc/apt/sources.list; \
    fi

# 创建 supervisor 日志目录
RUN mkdir -p /var/log/supervisor

# 复制 supervisor 配置文件
COPY src/alert/alertmanager/build/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

# 复制启动脚本
COPY src/alert/alertmanager/build/start-am-supervised.sh /usr/local/bin/start-am-supervised.sh
RUN chmod +x /usr/local/bin/start-am-supervised.sh

# 复制 Alertmanager 配置文件
COPY src/alert/alertmanager/build/alertmanager.yml /etc/alertmanager/alertmanager.yml
RUN chmod +x /etc/alertmanager/alertmanager.yml
# COPY src/alert/alertmanager/build/alertmanager.yml ${ALERTMANAGER_BASE_PATH}/alertmanager.yml

# 复制 DNS 监控脚本
COPY src/alert/alertmanager/build/dns-monitor.sh /usr/local/bin/dns-monitor.sh
RUN chmod +x /usr/local/bin/dns-monitor.sh

# 保持 root 用户，由 supervisor 控制 user 切换
USER root

# 暴露端口（Alertmanager 默认端口 9093）
EXPOSE 9093

# 使用 supervisor 作为入口点
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]