# ova2vzdump — Debian bookworm + Proxmox no-subscription repo for the
# `vma` binary, plus qemu-utils for VMDK->raw conversion.
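# The base is referenced by a mutable tag, so the image content can change
# between builds without this file changing. For reproducible builds pin the
# digest as well: debian:bookworm-slim@sha256:<BASE_IMAGE_DIGEST_PLACEHOLDER>.
FROM debian:bookworm-slim

# Build-time only. ARG is exported to the RUN steps of this stage but, unlike
# ENV, is not persisted into the environment of containers started from the
# image, so interactive apt use inside a running container behaves normally.
ARG DEBIAN_FRONTEND=noninteractive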

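# Optional pin for the Proxmox release key. The key is the trust anchor for
# every package pulled from the pve repository below, and without a pin it is
# accepted on the strength of the HTTPS download alone. When this ARG is set
# the build fails unless the downloaded keyring matches it. Take the value
# from the checksum Proxmox publishes in its installation documentation:
#   --build-arg PROXMOX_KEY_SHA512=<SHA512_OF_PROXMOX_RELEASE_KEY>
# Empty (the default) skips the comparison and keeps the previous behaviour.
ARG PROXMOX_KEY_SHA512=""

# 1. Install the bootstrap tools needed to fetch the repository key.
# 2. Download the key into /etc/apt/keyrings. --proto/--tlsv1.2 stop a
#    redirect from downgrading the transfer to plaintext or legacy TLS.
# 3. Register pve-no-subscription, scoped to that key via signed-by, so the
#    key is not trusted for any other source.
# 4. Install the runtime packages and drop the apt lists in the same layer.
#
# The repository itself is fetched over plain HTTP; package integrity rests
# on apt verifying the repository signature against the signed-by keyring,
# which is why the provenance of the key in step 2 matters.
#
# NOTE(review): gnupg and lsb-release are not used by any step in this file
# (the key is written as-is and the codename is hard-coded). Drop them if the
# application does not call them at runtime.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates curl gnupg lsb-release \
    && install -d /etc/apt/keyrings \
    && curl --proto '=https' --tlsv1.2 -fsSL \
        https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg \
        -o /etc/apt/keyrings/proxmox-release-bookworm.gpg \
    && if [ -n "${PROXMOX_KEY_SHA512}" ]; then \
        echo "${PROXMOX_KEY_SHA512}  /etc/apt/keyrings/proxmox-release-bookworm.gpg" \
            | sha512sum -c -; \
    fi \
    && printf 'deb [signed-by=%s] %s bookworm pve-no-subscription\n' \
        /etc/apt/keyrings/proxmox-release-bookworm.gpg \
        http://download.proxmox.com/debian/pve \
        > /etc/apt/sources.list.d/pve.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
        pve-qemu-kvm \
        python3 \
        python3-pip \
        python3-venv \
        zstd \
    && rm -rf /var/lib/apt/lists/*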

# Build-time sanity check. qemu-img and vma are both expected to come from
# pve-qemu-kvm; resolve each on PATH (printing where it was found) and stop
# the build at the first one that is missing, before any later step or the
# application depends on it.
RUN for tool in qemu-img vma; do command -v "${tool}" || exit; done

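# Pre-cache a small bootable Alpine raw image so `create-test-ova --bootable`
# can produce a real OVA in seconds without re-downloading.
#
# Integrity: by default the expected SHA-512 is downloaded from the same
# origin as the tarball. That catches a corrupted or truncated transfer, but
# it is not an independent check: whoever can replace the tarball on that
# origin can replace the hash next to it. Set ALPINE_SHA512 to a value
# obtained out of band to pin the artifact itself, e.g.
#   --build-arg ALPINE_SHA512=<SHA512_OF_RELEASE_TARBALL>
# When it is set, the published .sha512 file is not fetched at all.
#
# ALPINE_VERSION is not referenced by the RUN below; the version that takes
# effect is the one embedded in ALPINE_FILE and ALPINE_URL.
ARG ALPINE_VERSION=3.22.4
ARG ALPINE_FILE=gcp_alpine-3.22.4-x86_64-bios-tiny-r0.raw.tar.gz
ARG ALPINE_URL=https://dl-cdn.alpinelinux.org/alpine/v3.22/releases/cloud
ARG ALPINE_SHA512=""
# Statements are separated with ';' under `set -e`, so each failure stops the
# build at the command that failed. In the previous `&&`/`||` chain any
# earlier failure (including a checksum mismatch) fell through to the
# "no .raw file inside tarball" branch and was reported under that message.
# --proto '=https' makes the downloads fail closed if ALPINE_URL is
# overridden with a non-HTTPS URL or a redirect leaves HTTPS.
RUN set -eux; \
    mkdir -p /app/fixtures /tmp/alpine-extract; \
    cd /tmp; \
    curl --proto '=https' --tlsv1.2 -fsSL \
        -o "${ALPINE_FILE}" "${ALPINE_URL}/${ALPINE_FILE}"; \
    if [ -n "${ALPINE_SHA512}" ]; then \
        expected="${ALPINE_SHA512}"; \
    else \
        curl --proto '=https' --tlsv1.2 -fsSL \
            -o "${ALPINE_FILE}.hash" "${ALPINE_URL}/${ALPINE_FILE}.sha512"; \
        # Alpine publishes bare hex hashes (no filename); strip whitespace so
        # the value can be placed in a sha512sum-compatible line below.
        expected="$(tr -d '[:space:]' < "${ALPINE_FILE}.hash")"; \
    fi; \
    printf '%s  %s\n' "${expected}" "${ALPINE_FILE}" > "${ALPINE_FILE}.sha512"; \
    # An empty or malformed expected value is rejected by `sha512sum -c`, so
    # a missing hash fails the build rather than skipping verification.
    sha512sum -c "${ALPINE_FILE}.sha512"; \
    tar -xzf "${ALPINE_FILE}" -C /tmp/alpine-extract; \
    raw="$(find /tmp/alpine-extract -maxdepth 2 -name '*.raw' -print -quit)"; \
    if [ -z "${raw}" ]; then \
        echo "no .raw file inside tarball" >&2; \
        exit 1; \
    fi; \
    mv "${raw}" /app/fixtures/alpine-base.raw; \
    rm -rf /tmp/alpine-extract "${ALPINE_FILE}" "${ALPINE_FILE}.hash" "${ALPINE_FILE}.sha512"; \
    ls -la /app/fixtures/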

# Application install: project metadata, sources and scripts are copied into
# /app, which is also the working directory for the steps below and for the
# container at runtime.
WORKDIR /app
COPY pyproject.toml requirements.txt README.md ./
COPY src ./src
COPY scripts ./scripts

# Installs the project from /app into the system interpreter;
# --break-system-packages overrides Debian's externally-managed-environment
# guard. The upload and output directories are created in the same layer.
# NOTE(review): python3-venv is installed earlier in this file but no virtual
# environment is created; installing into one would avoid overriding the guard.
# NOTE(review): requirements.txt is copied but not referenced by this command,
# so dependency versions are whatever the project metadata resolves to at
# build time. Confirm they are pinned (ideally with hashes).
RUN pip install --no-cache-dir --break-system-packages . \
    && mkdir -p /data/uploads /data/output

# Declared after the directories above are created, so they are part of the
# volume's initial content.
VOLUME ["/data"]

# Documentation only: EXPOSE does not publish the port.
EXPOSE 8080

# Path of the Alpine base image that an earlier step placed in /app/fixtures.
ENV OVA2VZDUMP_ALPINE_BASE=/app/fixtures/alpine-base.raw

# NOTE(review): no USER instruction is set anywhere in this file, so the
# entrypoint runs as root. The default command starts the `gui` mode with an
# upload directory, which suggests it handles files supplied from outside the
# container. If nothing in ova2vzdump needs root (confirm against src/),
# create a dedicated account with a fixed numeric UID/GID in the RUN above,
# chown /data to it before VOLUME, make sure the fixture under /app/fixtures
# is readable by it, and add `USER <uid>:<gid>` ahead of ENTRYPOINT.
ENTRYPOINT ["ova2vzdump"]
CMD ["gui", "--upload-dir", "/data/uploads", "--output-dir", "/data/output"]
