FROM prom/prometheus:v3.5.0

# 构建期使用 root，运行期使用 prometheus 用户
USER root

# Prometheus 数据与配置基础路径
ENV PROMETHEUS_BASE_PATH=/private/argus/metric/prometheus

# 构建期指定 UID/GID，用于与宿主用户映射
ARG ARGUS_BUILD_UID=2133
ARG ARGUS_BUILD_GID=2015

ENV ARGUS_BUILD_UID=${ARGUS_BUILD_UID} \
    ARGUS_BUILD_GID=${ARGUS_BUILD_GID}

# 创建目录结构：将 /prometheus 链接到 ARGUS 路径
RUN mkdir -p ${PROMETHEUS_BASE_PATH}/rules \
    && mkdir -p ${PROMETHEUS_BASE_PATH}/targets \
    && mkdir -p /private/argus/etc \
    && rm -rf /prometheus \
    && ln -s ${PROMETHEUS_BASE_PATH} /prometheus

# 调整 prometheus 用户 UID/GID 并授权
# 注意：prom/prometheus 基础镜像基于 BusyBox，仅提供 adduser/addgroup，
# 没有 useradd/groupadd/usermod/groupmod 等工具。
RUN set -eux; \
    if ! grep -q '^prometheus:' /etc/passwd 2>/dev/null; then \
      addgroup -g "${ARGUS_BUILD_GID}" prometheus 2>/dev/null || true; \
      adduser -D -H -u "${ARGUS_BUILD_UID}" -G prometheus prometheus 2>/dev/null || true; \
    fi; \
    chown -h prometheus:prometheus /prometheus || true; \
    chown -R prometheus:prometheus ${PROMETHEUS_BASE_PATH} || true; \
    if [ -d /etc/prometheus ]; then chown -R prometheus:prometheus /etc/prometheus; fi

# 拷贝配置与启动脚本
COPY prometheus.yml /etc/prometheus/prometheus.yml
COPY exporter_config.json /usr/local/bin/exporter_config.json
COPY start-prometheus-supervised.sh /usr/local/bin/start-prometheus-supervised.sh
RUN chmod +x /usr/local/bin/start-prometheus-supervised.sh && \
    chown prometheus:prometheus /usr/local/bin/start-prometheus-supervised.sh && \
    chown prometheus:prometheus /usr/local/bin/exporter_config.json || true

# 可选的 targets 更新脚本（ARM 镜像中默认不自动运行，因为基础镜像无 python3）
COPY update_targets.py /usr/local/bin/update_targets.py
RUN chmod +x /usr/local/bin/update_targets.py && \
    chown prometheus:prometheus /usr/local/bin/update_targets.py || true

# DNS 监控脚本（目前未默认启用，可由外部显式调用）
COPY dns-monitor.sh /usr/local/bin/dns-monitor.sh
RUN chmod +x /usr/local/bin/dns-monitor.sh && \
    chown prometheus:prometheus /usr/local/bin/dns-monitor.sh || true

# 使用 prometheus 用户运行
USER prometheus

EXPOSE 9090

# ARM 版直接使用启动脚本作为入口，不再依赖 supervisor
ENTRYPOINT ["/usr/local/bin/start-prometheus-supervised.sh"]