# syntax=docker/dockerfile:1.7
# Gitea Actions CI image for C/C++ + Vulkan projects.
# This extends the Ubuntu image commonly used by Gitea/act_runner so JS actions
# such as actions/checkout keep working.
#
# Build:
#   docker build -t evol-testbed:latest .

ARG BASE_IMAGE=catthehacker/ubuntu:act-latest
FROM ${BASE_IMAGE}

ARG LLVM_VERSION=22
ARG MESON_VERSION=latest
ARG USE_LUNARG_VULKAN=false
ARG LUNARG_SDK_VERSION=1.4.309.0

ENV DEBIAN_FRONTEND=noninteractive
ENV CC=clang
ENV CXX=clang++
ENV AR=llvm-ar
ENV RANLIB=llvm-ranlib
ENV NM=llvm-nm
ENV STRIP=llvm-strip

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Base compiler/build/Python/Vulkan packages from Ubuntu.
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
      ca-certificates \
      curl \
      gnupg \
      lsb-release \
      wget \
      xz-utils \
      libxrandr-dev \
      libxinerama-dev \
      git \
      build-essential \
      pkg-config \
      software-properties-common \
      python3 \
      python3-pip \
      python3-venv \
      ninja-build \
      gcovr \
      valgrind \
      libvulkan-dev \
      vulkan-tools \
      vulkan-validationlayers \
      mesa-vulkan-drivers \
      glslang-tools \
      spirv-tools \
      spirv-headers; \
    rm -rf /var/lib/apt/lists/*

# LLVM/Clang from apt.llvm.org.
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    set -eux; \
    codename="$(. /etc/os-release && echo "${VERSION_CODENAME}")"; \
    curl -fsSL https://apt.llvm.org/llvm-snapshot.gpg.key \
      | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot.gpg; \
    echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot.gpg] http://apt.llvm.org/${codename}/ llvm-toolchain-${codename}-${LLVM_VERSION} main" \
      > "/etc/apt/sources.list.d/llvm-${LLVM_VERSION}.list"; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
      "clang-${LLVM_VERSION}" \
      "clang-tools-${LLVM_VERSION}" \
      "clang-format-${LLVM_VERSION}" \
      "clang-tidy-${LLVM_VERSION}" \
      "lld-${LLVM_VERSION}" \
      "lldb-${LLVM_VERSION}" \
      "llvm-${LLVM_VERSION}" \
      "llvm-${LLVM_VERSION}-dev" \
      "llvm-${LLVM_VERSION}-tools"; \
    rm -rf /var/lib/apt/lists/*

# Optional LunarG Vulkan SDK repo. Disabled by default because Ubuntu distro
# Vulkan packages are more stable for CI and usually enough for building/testing.
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    set -eux; \
    if [ "${USE_LUNARG_VULKAN}" = "true" ]; then \
      codename="$(. /etc/os-release && echo "${VERSION_CODENAME}")"; \
      curl -fsSL https://packages.lunarg.com/lunarg-signing-key-pub.asc \
        | gpg --dearmor -o /usr/share/keyrings/lunarg.gpg; \
      echo "deb [signed-by=/usr/share/keyrings/lunarg.gpg] https://packages.lunarg.com/vulkan/${LUNARG_SDK_VERSION}/ubuntu ${codename} main" \
        > /etc/apt/sources.list.d/lunarg-vulkan-sdk.list; \
      apt-get update; \
      apt-get install -y --no-install-recommends vulkan-sdk; \
      rm -rf /var/lib/apt/lists/*; \
    fi

# Make LLVM_VERSION the default clang toolchain.
RUN set -eux; \
    update-alternatives --install /usr/bin/clang clang "/usr/bin/clang-${LLVM_VERSION}" 100; \
    update-alternatives --install /usr/bin/clang++ clang++ "/usr/bin/clang++-${LLVM_VERSION}" 100; \
    update-alternatives --install /usr/bin/clang-cpp clang-cpp "/usr/bin/clang-cpp-${LLVM_VERSION}" 100; \
    update-alternatives --install /usr/bin/lld lld "/usr/bin/lld-${LLVM_VERSION}" 100; \
    update-alternatives --install /usr/bin/lldb lldb "/usr/bin/lldb-${LLVM_VERSION}" 100; \
    update-alternatives --install /usr/bin/llvm-ar llvm-ar "/usr/bin/llvm-ar-${LLVM_VERSION}" 100; \
    update-alternatives --install /usr/bin/llvm-ranlib llvm-ranlib "/usr/bin/llvm-ranlib-${LLVM_VERSION}" 100; \
    update-alternatives --install /usr/bin/llvm-nm llvm-nm "/usr/bin/llvm-nm-${LLVM_VERSION}" 100; \
    update-alternatives --install /usr/bin/llvm-strip llvm-strip "/usr/bin/llvm-strip-${LLVM_VERSION}" 100

# Meson in an isolated venv avoids Debian/Ubuntu PEP 668 externally-managed pip errors.
RUN --mount=type=cache,target=/root/.cache/pip \
    set -eux; \
    python3 -m venv /opt/meson-venv; \
    /opt/meson-venv/bin/python -m pip install --upgrade pip setuptools wheel; \
    if [ "${MESON_VERSION}" = "latest" ]; then \
      /opt/meson-venv/bin/python -m pip install --upgrade meson; \
    else \
      /opt/meson-venv/bin/python -m pip install --upgrade "meson==${MESON_VERSION}"; \
    fi; \
    ln -sf /opt/meson-venv/bin/meson /usr/local/bin/meson

# Verify installed tools at image build time.
RUN set -eux; \
    python3 --version; \
    clang --version; \
    clang++ --version; \
    meson --version; \
    ninja --version

CMD ["bash"]
