FROM ocaml/opam:alpine-ocaml-5.3 AS builder
WORKDIR /home/opam/src
COPY --chown=opam merry.opam .
RUN opam pin . -yn
RUN opam install . --deps-only --with-test
COPY --chown=opam . .
RUN opam exec -- dune build --profile=release

FROM alpine:3.23

# Copy across msh as the new shell!
COPY --from=builder /home/opam/src/_build/default/src/bin/main.exe /bin/msh 
RUN ln -sf /bin/msh /bin/sh
SHELL [ "/bin/msh", "-c" ]

LABEL distro_style="apk"
RUN apk update && apk upgrade
RUN apk add build-base bzip2 git tar curl ca-certificates openssl
RUN git config --global user.email "docker@example.com"
RUN git config --global user.name "Docker"
RUN git clone https://github.com/ocaml/opam /tmp/opam && cd /tmp/opam && cp -P -R -p . ../opam-sources && git checkout 16116259a7db479cb69f4dbd6c430ec14c5814ad && env MAKE='make -j' shell/bootstrap-ocaml.sh && make -C src_ext cache-archives
RUN cd /tmp/opam-sources && cp -P -R -p . ../opam-build-2.0 && cd ../opam-build-2.0 && git fetch -q && git checkout adc1e1829a2bef5b240746df80341b508290fe3b && ln -s ../opam/src_ext/archives src_ext/archives && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" ./configure --enable-cold-check && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" make lib-ext all && mkdir -p /usr/local/bin && cp /tmp/opam-build-2.0/opam /usr/local/bin/opam-2.0 && chmod a+x /usr/local/bin/opam-2.0 && rm -rf /tmp/opam-build-2.0
RUN cd /tmp/opam-sources && cp -P -R -p . ../opam-build-2.1 && cd ../opam-build-2.1 && git fetch -q && git checkout 263921263e1f745613e2882745114b7b08f3608b && ln -s ../opam/src_ext/archives src_ext/archives && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" ./configure --enable-cold-check --with-0install-solver && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" make lib-ext all && mkdir -p /usr/local/bin && cp /tmp/opam-build-2.1/opam /usr/local/bin/opam-2.1 && chmod a+x /usr/local/bin/opam-2.1 && rm -rf /tmp/opam-build-2.1
RUN cd /tmp/opam-sources && cp -P -R -p . ../opam-build-2.2 && cd ../opam-build-2.2 && git fetch -q && git checkout 01e9a24a61e23e42d513b4b775d8c30c807439b2 && ln -s ../opam/src_ext/archives src_ext/archives && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" ./configure --enable-cold-check --with-0install-solver --with-vendored-deps && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" make lib-ext all && mkdir -p /usr/local/bin && cp /tmp/opam-build-2.2/opam /usr/local/bin/opam-2.2 && chmod a+x /usr/local/bin/opam-2.2 && rm -rf /tmp/opam-build-2.2
RUN cd /tmp/opam-sources && cp -P -R -p . ../opam-build-2.3 && cd ../opam-build-2.3 && git fetch -q && git checkout 35acd0c5abc5e66cdbd5be16ba77aa6c33a4c724 && ln -s ../opam/src_ext/archives src_ext/archives && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" ./configure --enable-cold-check --with-0install-solver --with-vendored-deps && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" make lib-ext all && mkdir -p /usr/local/bin && cp /tmp/opam-build-2.3/opam /usr/local/bin/opam-2.3 && chmod a+x /usr/local/bin/opam-2.3 && rm -rf /tmp/opam-build-2.3
RUN cd /tmp/opam-sources && cp -P -R -p . ../opam-build-2.4 && cd ../opam-build-2.4 && git fetch -q && git checkout 7c92631391984f698f31ee24f3ae4dc1cd3698ff && ln -s ../opam/src_ext/archives src_ext/archives && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" ./configure --enable-cold-check --with-0install-solver --with-vendored-deps && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" make lib-ext all && mkdir -p /usr/local/bin && cp /tmp/opam-build-2.4/opam /usr/local/bin/opam-2.4 && chmod a+x /usr/local/bin/opam-2.4 && rm -rf /tmp/opam-build-2.4
RUN cd /tmp/opam-sources && cp -P -R -p . ../opam-build-2.5 && cd ../opam-build-2.5 && git fetch -q && git checkout edf980ebd18ad6b5e990dbf3b6367cffcaf01815 && ln -s ../opam/src_ext/archives src_ext/archives && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" ./configure --enable-cold-check --with-0install-solver --with-vendored-deps && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" make lib-ext all && mkdir -p /usr/local/bin && cp /tmp/opam-build-2.5/opam /usr/local/bin/opam-2.5 && chmod a+x /usr/local/bin/opam-2.5 && rm -rf /tmp/opam-build-2.5
RUN cd /tmp/opam-sources && cp -P -R -p . ../opam-build-master && cd ../opam-build-master && git fetch -q && git checkout 16116259a7db479cb69f4dbd6c430ec14c5814ad && ln -s ../opam/src_ext/archives src_ext/archives && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" ./configure --enable-cold-check --with-0install-solver --with-vendored-deps && env PATH="/tmp/opam/bootstrap/ocaml/bin:$PATH" make lib-ext all && mkdir -p /usr/local/bin && cp /tmp/opam-build-master/opam /usr/local/bin/opam-master && chmod a+x /usr/local/bin/opam-master && rm -rf /tmp/opam-build-master
RUN strip /usr/local/bin/opam*

FROM alpine:3.23
RUN <<-EOF cat >> /etc/apk/repositories
	@edge https://dl-cdn.alpinelinux.org/alpine/edge/main
	@edgecommunity https://dl-cdn.alpinelinux.org/alpine/edge/community
	@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing
EOF
ENV OCAMLRUNPARAM=b
RUN apk update && apk upgrade
RUN apk add build-base patch tar ca-certificates git rsync curl sudo bash libx11-dev nano coreutils xz ncurses-dev bubblewrap
COPY --from=1 [ "/usr/local/bin/opam-2.0", "/usr/bin/opam-2.0" ]
RUN ln /usr/bin/opam-2.0 /usr/bin/opam
COPY --from=1 [ "/usr/local/bin/opam-2.1", "/usr/bin/opam-2.1" ]
COPY --from=1 [ "/usr/local/bin/opam-2.2", "/usr/bin/opam-2.2" ]
COPY --from=1 [ "/usr/local/bin/opam-2.3", "/usr/bin/opam-2.3" ]
COPY --from=1 [ "/usr/local/bin/opam-2.4", "/usr/bin/opam-2.4" ]
COPY --from=1 [ "/usr/local/bin/opam-2.5", "/usr/bin/opam-2.5" ]
COPY --from=1 [ "/usr/local/bin/opam-master", "/usr/bin/opam-dev" ]
RUN addgroup -S -g 1000 opam
RUN adduser -S -u 1000 -G opam opam
COPY <<-EOF /etc/sudoers.d/opam
	opam ALL=(ALL:ALL) NOPASSWD:ALL
EOF
RUN chmod 440 /etc/sudoers.d/opam
RUN chown root:root /etc/sudoers.d/opam
RUN sed -i.bak 's/^Defaults.*requiretty//g' /etc/sudoers
USER opam
WORKDIR /home/opam
RUN mkdir .ssh
RUN chmod 700 .ssh
COPY --chown=opam <<-EOF /home/opam/.opamrc-nosandbox
	wrap-build-commands: []
	wrap-install-commands: []
	wrap-remove-commands: []
	required-tools: []
EOF
COPY --chown=opam <<-EOF /home/opam/opam-sandbox-disable
	#!/bin/sh
	cp ~/.opamrc-nosandbox ~/.opamrc
	echo --- opam sandboxing disabled
EOF
RUN chmod a+x /home/opam/opam-sandbox-disable
RUN sudo mv /home/opam/opam-sandbox-disable /usr/bin/opam-sandbox-disable
COPY --chown=opam <<-EOF /home/opam/.opamrc-sandbox
	wrap-build-commands: ["%{hooks}%/sandbox.sh" "build"]
	wrap-install-commands: ["%{hooks}%/sandbox.sh" "install"]
	wrap-remove-commands: ["%{hooks}%/sandbox.sh" "remove"]
EOF
COPY --chown=opam <<-EOF /home/opam/opam-sandbox-enable
	#!/bin/sh
	cp ~/.opamrc-sandbox ~/.opamrc
	echo --- opam sandboxing enabled
EOF
RUN chmod a+x /home/opam/opam-sandbox-enable
RUN sudo mv /home/opam/opam-sandbox-enable /usr/bin/opam-sandbox-enable
RUN git config --global user.email "docker@example.com"
RUN git config --global user.name "Docker"
COPY --link --chown=opam:opam [ ".", "/home/opam/opam-repository" ]
RUN opam-sandbox-disable
RUN opam init -k git -a /home/opam/opam-repository --bare
RUN echo 'archive-mirrors: "https://opam.ocaml.org/cache"' >> ~/.opam/config
RUN rm -rf .opam/repo/default/.git