FROM node:lts-buster AS base

# Copy scripts
COPY scripts/*.sh /tmp/

RUN mkdir -p /usr/src/node-red /data && \
    deluser --remove-home node && \
    adduser --gecos "" --home /usr/src/node-red --disabled-login --uid 1000 node-red && \
    chown -R node-red:node-red /data && \
    chown -R node-red:node-red /usr/src/node-red && \
    chmod +x /tmp/*.sh

# Install tools, create Node-RED app and data dir, add user and set rights
RUN set -ex && \
    apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y \
        bash \
        tzdata \
        iputils-ping \
        iputils-arping \
        curl \
        nano \
        git \
        openssl \
        openssh-client

# Set work directory
WORKDIR /usr/src/node-red

# package.json contains Node-RED NPM module and node dependencies
COPY package.json .

#### Stage BUILD #######################################################################################################
FROM base AS build

# Install Build tools
RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get -y install build-essential linux-headers-$(uname -r) udev python && \
    npm install --unsafe-perm --no-update-notifier --only=production

RUN /tmp/remove_native_gpio.sh && \
    cp -R node_modules prod_node_modules

#### Stage RELEASE #####################################################################################################
FROM base AS RELEASE

COPY --from=build /usr/src/node-red/prod_node_modules ./node_modules

# Chown, install devtools & Clean up
RUN chown -R node-red:node-red /usr/src/node-red && \
    /tmp/install_devtools.sh && \
    rm -r /tmp/*
    
RUN set -ex \
	&& apt-get install -y wget sudo net-tools dhcpdump  bluez arp-scan

RUN addgroup node-red sudo

RUN cat /dev/null > /etc/sudoers \
	&& echo -e "Set disable_coredump false\n" > /etc/sudo.conf \
	&& touch /etc/sudoers \
	&& echo  "node-red ALL=(ALL) NOPASSWD: ALL\n%sudo ALL=(ALL) NOPASSWD: ALL\n" > /etc/sudoers \
	&& chmod 0440 /etc/sudoers
 
RUN apt-get clean autoclean && \
    apt-get autoremove --yes && \
    rm -rf /var/lib/{apt,dpkg,cache,log}/

USER node-red

# Env variables
ENV NODE_RED_VERSION=$NODE_RED_VERSION \
    NODE_PATH=/usr/src/node-red/node_modules:/data/node_modules \
    FLOWS=flows.json

# ENV NODE_RED_ENABLE_SAFE_MODE=true    # Uncomment to enable safe start mode (flows not running)
# ENV NODE_RED_ENABLE_PROJECTS=true     # Uncomment to enable projects option

# User configuration directory volume
VOLUME ["/data"]

# Expose the listening port of node-red
EXPOSE 1880

# Add a healthcheck (default every 30 secs)
HEALTHCHECK CMD curl http://localhost:1880/ || exit 1

ENTRYPOINT ["npm", "start", "--", "--userDir", "/data"]

USER root