#!/bin/bash
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
#
#  Authors:
#        Charles Bailey <cbailey32@bloomberg.net>
#        Sam Thursfield <sam.thursfield@codethink.co.uk>

# This is a helper script for using BuildStream via Docker. See
# docs/source/install.rst for documentation.

usage() {
    cat <<EOF

USAGE: $(basename "$0") [-i BST_HERE_IMAGE] [-j TAG] [-p] [-t] [-T] [-v VOLUME ...] [-h] [COMMAND [ARG..]]

Run a bst command in a new BuildStream container.

If no command is specified, an interactive shell is launched
using "/bin/bash -i".

See https://hub.docker.com/r/buildstream/buildstream for details on image
variants.

OPTIONS:
    -i IMAGE      Specify Docker image to use; can also be specified by setting
                  BST_HERE_IMAGE environment variable.
                  (default: buildstream/buildstream)
    -j TAG        Specify the tag of the Docker image to use.
                  (default: latest)
    -p            Pull the latest buildstream image before running.
    -t            Force pseudo-terminal allocation.
    -T            Disable pseudo-terminal allocation.
    -v VOLUME     Specify additional volumes to mount; should be in format
                  'host-src:container-dest' same as 'docker run -v'.
    -h            Print this help text and exit.

EOF
    exit "$1"
}

bst_here_image="${BST_HERE_IMAGE:-buildstream/buildstream}"
bst_here_tag=

is_tty=
update=false
extra_volumes_opt=

if test -t 0
then
    is_tty=y
fi

while getopts i:j:ptTv:h arg
do
    case $arg in
    i)
        bst_here_image="$OPTARG"
        ;;
    j)
        bst_here_tag="$OPTARG"
        ;;
    p)
        update=true
        ;;
    T)
        is_tty=
        ;;
    t)
        is_tty=y
        ;;
    v)
        extra_volumes_opt="$extra_volumes_opt --volume $OPTARG"
        ;;
    h)
        usage 0
        ;;
    \?)
        usage 1
    esac
done

if [ -n "$bst_here_tag" ]; then
    bst_here_image="$bst_here_image:$bst_here_tag"
fi

test "$OPTIND" -gt 1 &&
    shift $(( OPTIND - 1 ))

for vol in buildstream-cache buildstream-config
do
    docker volume create "$vol" >/dev/null
done

BST_HERE_PS1="\[\033[01;34m\]\w\[\033[00m\]> "

if [ "$#" -eq 0 ]; then
    command="/bin/bash -i"
else
    command="/usr/local/bin/bst $@"
fi

if "$update" == true
then
    docker pull "$bst_here_image"
fi

# FIXME: We run with --privileged to allow bwrap to mount system
#        directories, but this is overkill. We should add the correct
#        --cap-add calls, or seccomp settings, but we are not sure
#        what those are yet.
#
#        Old settings:
#          --cap-add SYS_ADMIN
#          --security-opt seccomp=unconfined
#
exec docker run --rm -i${is_tty:+ -t} \
                --privileged \
                --env PS1="$BST_HERE_PS1" \
                --device /dev/fuse \
                --volume buildstream-cache:/root/.cache/buildstream \
                --volume buildstream-config:/root/.config \
                --volume "$PWD":/src \
                $extra_volumes_opt \
                --workdir /src \
                "$bst_here_image" \
                $command
