# syntax=docker/dockerfile:1
# Même logique que l’image upstream : UID/GID numériques, pas le nom « nginx ».
# https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/stable/alpine/Dockerfile
FROM nginxinc/nginx-unprivileged:stable-alpine

ARG UID=101
ARG GID=101

USER root
RUN --mount=type=cache,target=/var/cache/apk \
    apk add --no-cache git

WORKDIR /usr/share/nginx/html

ARG TALKS_REPO_URL=https://git.specificat.io/arnault/Talks.git
ARG TALKS_BRANCH=main
ARG TALKS_SPARSE_DIR=content

RUN find . -mindepth 1 -delete \
  && git clone --filter=blob:none --sparse --branch "${TALKS_BRANCH}" --single-branch "${TALKS_REPO_URL}" . \
  && git sparse-checkout init --cone \
  && git sparse-checkout set "${TALKS_SPARSE_DIR}"

COPY nginx/default.conf /etc/nginx/conf.d/default.conf
COPY refresh.sh /refresh.sh

RUN chmod +x /refresh.sh \
  && chown -R "${UID}:${GID}" /usr/share/nginx/html /refresh.sh \
  && mkdir -p /home/nginx \
  && chown "${UID}:${GID}" /home/nginx \
  && su "${UID}" -s /bin/sh -c 'HOME=/home/nginx git config --global --add safe.directory /usr/share/nginx/html'

ENV HOME=/home/nginx

USER ${UID}

EXPOSE 8080

CMD sh -c "/refresh.sh & exec nginx -g 'daemon off;'"