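# Multi-stage build for the x2t-sandbox binary.
#
# Pipeline, as wired below:
#   1. tracer-builder            builds x2t-sandbox with the `tracing-mode` feature.
#   2. tracer-generate-syscalls  runs x2t under that build for every /data/*.xml
#                                sample and merges the per-sample logs into
#                                /x2t-syscalls.txt.
#   3. sandbox-builder           rebuilds x2t-sandbox with that file copied to /src.
#   4. onlyoffice-output, copy-to-data and copy-tracer-to-data package the binaries.
#
# NOTE(review): the generated list is derived only from the samples in ./data, so
# anything x2t does not exercise on those samples is presumably absent from it.
# Keep the sample set representative and review changes to x2t-syscalls.txt.

# Base images are overridable at build time. Tags are mutable; for reproducible
# builds pin each image by digest (e.g. library/ubuntu:20.04@sha256:<digest>).
ARG REGISTRY=docker.io
ARG BASE_IMAGE=library/ubuntu:20.04
ARG ONLYOFFICE_IMAGE=onlyoffice/documentserver:7.5

FROM ${REGISTRY}/${BASE_IMAGE} AS base

# Minimal runtime image: only the seccomp shared library on top of the base.
FROM base AS runtime-slim-base
# The apt package lists live in /var/lib/apt/lists, so that is the path to clean.
RUN apt-get update \
    && apt-get install -y --no-install-recommends libseccomp2 \
    && rm -rf /var/lib/apt/lists/*

# OnlyOffice document server image with the seccomp shared library added.
FROM ${REGISTRY}/${ONLYOFFICE_IMAGE} AS runtime-base
RUN apt-get update \
    && apt-get install -y --no-install-recommends libseccomp2 \
    && rm -rf /var/lib/apt/lists/*

# Shared build environment: C toolchain, libseccomp headers, Rust, and the sources.
FROM base AS builder-base
# The localtime symlink presumably pre-seeds the timezone so that a tzdata
# install does not prompt (TODO confirm); DEBIAN_FRONTEND is set inline so the
# install cannot block on a prompt and the variable does not persist in the image.
# Recommended packages are kept here on purpose: curl relies on ca-certificates,
# which apt pulls in as a recommendation, for the HTTPS download below.
RUN ln -svf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y \
        build-essential \
        curl \
        libseccomp-dev \
        pkg-config \
    && rm -rf /var/lib/apt/lists/*
# Download the rustup installer to a file before running it, so that a failed or
# truncated download fails this step instead of being hidden behind a pipe.
# NOTE(review): the installer and the toolchain it selects are unpinned. Consider
# passing --default-toolchain with a fixed version and verifying the installer
# against a known checksum before executing it.
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -o /tmp/rustup-init.sh \
    && bash /tmp/rustup-init.sh -y \
    && rm -f /tmp/rustup-init.sh
COPY Cargo.toml Cargo.lock build.rs /src/
COPY src /src/src
COPY x2t-sandbox-rulegen /src/x2t-sandbox-rulegen
WORKDIR /src

# x2t-sandbox built with the tracing-mode feature (used to record syscalls).
FROM builder-base AS tracer-builder
RUN /root/.cargo/bin/cargo build --release --features tracing-mode

# Standalone image that ships only the tracing build.
FROM runtime-slim-base AS runtime-tracer
COPY --from=tracer-builder /src/target/release/x2t-sandbox /usr/local/bin/x2t-sandbox
ENTRYPOINT ["/usr/local/bin/x2t-sandbox"]

# Run x2t under the tracing build for every sample and merge the results.
FROM runtime-base AS tracer-generate-syscalls
COPY data /data
COPY --from=tracer-builder /src/target/release/x2t-sandbox /usr/local/bin/x2t-sandbox
# `-l` is presumably the per-sample log path (confirm against the x2t-sandbox CLI).
# Absolute paths are used because the next stage copies /x2t-syscalls.txt, so the
# result must not depend on the base image's working directory. pipefail covers
# the final merge too, and the step fails when /data holds no .xml samples
# rather than producing an empty list that the next stage would build from.
RUN bash -c 'set -euo pipefail; \
    found=0; \
    for sample in /data/*.xml; do \
        [ -e "$sample" ] || continue; \
        found=1; \
        name="$(basename "$sample")"; \
        /usr/local/bin/x2t-sandbox -l "/$name.out" \
            /var/www/onlyoffice/documentserver/server/FileConverter/bin/x2t "$sample"; \
    done; \
    [ "$found" -eq 1 ] || { echo "no .xml samples found in /data" >&2; exit 1; }; \
    cat /*.out | sort -u > /x2t-syscalls.txt'

# Rebuild x2t-sandbox with the generated syscall list present in the source tree.
FROM builder-base AS sandbox-builder
COPY --from=tracer-generate-syscalls /x2t-syscalls.txt /src/x2t-syscalls.txt
# NOTE(review): this stage uses the same `--features tracing-mode` flag as
# tracer-builder. If tracing-mode only records syscalls instead of enforcing the
# generated filter, the binary shipped by onlyoffice-output and copy-to-data
# would not restrict x2t. Confirm against Cargo.toml/build.rs whether the
# feature is intended here; the flag is left unchanged pending that check.
RUN /root/.cargo/bin/cargo build --release --features tracing-mode

# OnlyOffice image with the sandbox binary installed. No ENTRYPOINT is set here,
# so the base image's own entrypoint is inherited.
FROM runtime-base AS onlyoffice-output
COPY --from=sandbox-builder /src/target/release/x2t-sandbox /usr/local/bin/x2t-sandbox

# Helper image: at run time, copies the tracing build into /data.
FROM base AS copy-tracer-to-data
COPY --from=tracer-builder /src/target/release/x2t-sandbox /x2t-sandbox
# Absolute source path so the copy does not depend on the working directory.
CMD ["cp", "-v", "/x2t-sandbox", "/data/x2t-sandbox"]

# Helper image: at run time, copies the sandbox build into /data.
FROM base AS copy-to-data
COPY --from=sandbox-builder /src/target/release/x2t-sandbox /x2t-sandbox
CMD ["cp", "-v", "/x2t-sandbox", "/data/x2t-sandbox"]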