# We pin alpine version and MariaDB version here, because they go together.

ARG VERSION=11.4
ARG ALPINE=3.21
ARG UID=200011
ARG GID=200011

FROM mariadb:${VERSION}-ubi AS extract

FROM alpine:${ALPINE}

LABEL maintainer="Lukas Raub titanz@pm.me"

ARG UID
ARG GID

# Pinning UID and GID here because the UID automatically created
# might change over time.
RUN --network=none \
    addgroup -g ${GID} mysql \
    && adduser -u ${UID} --ingroup mysql --disabled-password --system --home /var/lib/mysql mysql

RUN apk -U upgrade \
    && apk add --no-cache bash ca-certificates coreutils libstdc++ mariadb mariadb-backup mariadb-client mariadb-server-utils pwgen rsync tzdata xz zstd \
    && update-ca-certificates \
    # Alpine does not provide an aarch64 package for galera
    && if [ $(arch) = 'x86_64' ]; then apk add --no-cache galera procps-ng pv; fi \
    && rm -rf /var/cache/apk/* /etc/my.cnf /etc/my.cnf.d/mariadb-server.cnf

COPY --from=extract --chown=mysql /etc/my.cnf /etc/my.cnf
COPY --from=extract --chown=mysql /etc/my.cnf.d /etc/my.cnf.d
COPY --from=extract --chown=mysql /etc/mysql /etc/mysql
COPY --from=extract /usr/local/bin/healthcheck.sh /usr/local/bin/healthcheck.sh
COPY --from=extract /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh 

RUN mkdir /run/mariadb
RUN mkdir /docker-entrypoint-initdb.d
RUN chown mysql:mysql /run/mariadb /docker-entrypoint-initdb.d

COPY --from=git.conorz.at/titanz-containers/hardened_malloc:latest /install /usr/local/lib/
ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"

USER mysql

VOLUME /var/lib/mysql

EXPOSE 3306/tcp

ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["mariadbd"]