# Dockerfile-lite: Onetime Secret All-in-One Container
#
# This Dockerfile creates a single container image with both Onetime Secret and Redis.
#
# Benefits:
# 1. Simplicity: Start entire app with one command
# 2. Ephemeral: Aligns with temporary nature of one-time secrets
# 3. Self-contained: All components included and configured
# 4. Data privacy: Container removal deletes all secrets
#
# Usage:
#
#     $ docker build -t localhost/onetimesecret-lite:latest -f Dockerfile-lite .
#
#     $ docker run --rm -p 7143:3000 --name onetimesecret-lite localhost/onetimesecret-lite:latest
#
# Note: Ideal for quick deployment and testing. For production with specific
# security or scalability needs, use separate containers for app and database.
#

FROM ghcr.io/onetimesecret/onetimesecret
ARG VERSION=0.0.0

LABEL Name=onetimesecret-lite Version=$VERSION
LABEL maintainer="Onetime Secret <docker-maint@onetimesecret.com>"
LABEL org.opencontainers.image.description="Onetime Secret (Lite) is a web application for sharing sensitive information via one-time use links. This image contains both the Onetime Secret application and Redis, making it a self-contained solution for quick deployment and testing. Warning: Not recommended for production use."

# Install Redis and other dependencies
RUN apt-get update && apt-get install -y \
    redis-server \
    redis-tools \
    && rm -rf /var/lib/apt/lists/*

# Write Redis configuration
RUN <<-EOF cat > /etc/redis/redis.conf
    bind 0.0.0.0
    port 6379
    daemonize no
EOF

# Write the startup script
# Note: We use quoted EOF ('EOF') to prevent variable expansion in the heredoc.
# This preserves potential variables (like $PATH) as literal text, to be evaluated when the script runs.
RUN <<-'EOF' cat > /onetime.sh
#!/bin/bash
set -e
# Print welcome message
echo "
🔒  Welcome to Onetime Secret Lite - The All-in-One, Onetime-use Secret Sharing Container for Humans!  🔒
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

🕵️  Your secrets are about to get a whole lot stealthier!

🖥️  ACCESS THE APP HERE: http://localhost:$PORT

💭  Pro tip: Secrets are like memes - hilarious, but only when shared with the right people!

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🎭  Happy secret sharing, you magnificent nerdlinger! 🎭
"

# Start Redis server
echo "Starting Redis..."
redis-server /etc/redis/redis.conf &

# Wait for Redis to be ready
until redis-cli ping; do
  echo "⚙️  Waiting for Redis to be ready..."
  sleep 1
done
echo "Redis is ready!"

# Start Onetime Secret
echo "Starting Onetime Secret..."
exec /app/bin/entrypoint.sh
EOF

# Ensure the script has the correct line endings and is executable
RUN chmod +x /onetime.sh

# Set environment variables
ENV HOST=127.0.0.1:3000
ENV PORT=3000
ENV STDOUT_SYNC=true
ENV SSL=false
ENV COLONEL=admin@example.com
ENV REDIS_URL=redis://localhost:6379/0
ENV RACK_ENV=production
ENV AUTH_ENABLED=false

EXPOSE 3000

CMD ["/onetime.sh"]
