FROM almalinux/10-base
ARG PHPVER=83

# Install repos, update, install only needed packages, clean up in one layer
RUN dnf install -y \
      https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm \
      https://rpms.remirepo.net/enterprise/remi-release-10.rpm && \
    dnf update -y && \
    dnf install -y httpd mod_ssl openssl wget procps cronie iproute postgresql-devel microdnf less git \
      nano rsync unzip zip mariadb bind-utils jq patch nc tree dos2unix && \
    dnf clean all && \
    rm -rf /var/cache/dnf /usr/share/doc /usr/share/man /usr/share/locale/*

# Copy scripts into the image and set permissions
COPY ./scripts/ /scripts/
RUN chmod +x /scripts/*

# Install ImageMagick from EPEL with HEIC/HEIF/AVIF support
RUN dnf install -y ImageMagick ImageMagick-libs ImageMagick-heic && \
    dnf clean all

# Generate self-signed cert, create needed dirs, install PHP, clean up
RUN openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/localhost.key -x509 -days 3650 -subj "/CN=localhost" -out /etc/pki/tls/certs/localhost.crt && \
    mkdir -p /run/php-fpm/ && \
    /scripts/install-php$PHPVER.sh && \
    rm -rf /tmp/*

# Download and install wp-cli (consider pinning version for reproducibility)
RUN curl -L -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
    chmod +x /usr/local/bin/wp

# Download and install Composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer && \
    chmod +x /usr/local/bin/composer

# Copy configs and web files
COPY ./configs/default-index.conf /etc/httpd/conf.d/
COPY ./configs/prod-php.ini /etc/php.ini
COPY ./configs/phpinfo.php /var/www/html/
COPY ./configs/mariadb.repo /etc/yum.repos.d/
COPY ./configs/index.php /var/www/html/
COPY ./configs/remote_ip.conf /etc/httpd/conf.d/

# Set up cron job in a single layer
RUN echo "15 */12 * * * root /scripts/log-rotate.sh" >> /etc/crontab

HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \
  CMD curl -f http://localhost/ || exit 1

ENTRYPOINT [ "/scripts/entrypoint.sh" ]
