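# Multi-stage build for the NVIDIA NIC (DOCA / MLNX_OFED) driver container on RHEL.
# Stages, in order:
#   go_builder     - compiles the Go entrypoint binary
#   base           - DTK image plus distro update and common runtime packages
#   driver-src     - base plus driver sources and the build toolchain ("sources" image)
#   driver-builder - compiles the driver RPMs for D_KERNEL_VER
#   precompiled    - clean final image with only the built RPMs installed
#
# Args declared before the first FROM are global: they can be used in FROM lines,
# but a stage only sees them in its own instructions after re-declaring them with
# a bare `ARG NAME`.

# Common (multistage) args
ARG D_OS="rhel9.2"
ARG D_ARCH="x86_64"
ARG D_CONTAINER_VER="0"
ARG D_DOCA_VERSION="2.9.1"
ARG D_OFED_VERSION="24.10-1.1.4.0"
ARG D_KERNEL_VER="5.14.0-284.32.1.el9_2.x86_64"
ARG D_OFED_SRC_DOWNLOAD_PATH="/run/mellanox/src"
ARG OFED_SRC_LOCAL_DIR=${D_OFED_SRC_DOWNLOAD_PATH}/MLNX_OFED_SRC-${D_OFED_VERSION}
ARG STIG_COMPLIANT=false
ARG D_ENABLE_DKMS=false

# Final clean image of precompiled driver container
# NOTE(review): `:latest` is a mutable tag, so the final image content can change
# between builds; pin a version tag or a digest (@sha256:<digest>) for reproducible,
# auditable builds.
ARG D_FINAL_BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:latest

# DTK base image (below example for specific kernel headers version)
ARG D_BASE_IMAGE="registry.redhat.io/openshift4/driver-toolkit-rhel9:v4.13.0-202309112001.p0.gd719bdc.assembly.stream"
# Standard: registry.access.redhat.com/ubi9:latest

# NOTE(review): D_PYTHON_VERSION / D_PYTHON are not referenced anywhere else in this file.
ARG D_PYTHON_VERSION="36"
ARG D_PYTHON="python${D_PYTHON_VERSION}"

##################################################################
# Stage: build go binary for entrypoint
FROM golang:1.25 AS go_builder

# Set GOPROXY if provided
ARG GOPROXY
ENV GOPROXY=$GOPROXY

WORKDIR /workspace

# Copy the module files first so `go mod download` is cached independently of source changes
COPY entrypoint/go.mod go.mod
COPY entrypoint/go.sum go.sum
RUN go mod download

COPY entrypoint/ .
# NOTE(review): D_ARCH is not re-declared in this stage, so ${D_ARCH} expands to an
# empty string here and TARGETARCH is passed to make empty. Adding `ARG D_ARCH` would
# pass "x86_64", which is not a Go GOARCH name (Go uses "amd64") - confirm what the
# entrypoint Makefile expects before changing this line.
RUN TARGETARCH=${D_ARCH} TARGETOS=linux make build

##################################################################
# Stage: Minimal base image update and install common requirements
FROM $D_BASE_IMAGE AS base

# Inherited global args
ARG D_OS

# https://redmine.mellanox.com/issues/3528150/issue_history#note-9
# On RHEL 9, point rhsm.conf at /etc/pki/entitlement-host, the path the driver-src
# stage bind-mounts the host entitlement certificates onto.
RUN if [[ "${D_OS}" == *"rhel9"* ]] ; then \
      sed -i 's#/etc/pki/entitlement#/etc/pki/entitlement-host#g' /etc/rhsm/rhsm.conf ;\
    fi

# dnf does not signature-check packages given by URL or file path unless
# localpkg_gpgcheck is enabled, so without it the imported EPEL key would not gate
# the epel-release RPM (which in turn installs the EPEL repo definition).
# NOTE(review): the key is fetched from the same host as the RPM; vendoring the key
# in the build context would give a trust anchor that is independent of that host.
RUN set -x && \
    # Perform distro update and install prerequirements
    MAJOR_VER=$(echo "${D_OS}" | sed 's/rhel\([0-9]*\).*/\1/') && \
    rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-${MAJOR_VER} && \
    dnf install -y --setopt=localpkg_gpgcheck=1 \
      https://dl.fedoraproject.org/pub/epel/epel-release-latest-${MAJOR_VER}.noarch.rpm && \
    dnf -y update && \
    dnf -y install perl \
    # Container functional requirements
    jq iproute kmod procps-ng udev

COPY --from=go_builder /workspace/build/entrypoint /root/entrypoint

WORKDIR /root
# COPY rather than ADD: these are plain local files, so ADD's URL fetching and
# archive auto-extraction are not wanted here.
COPY ./entrypoint.sh /root/entrypoint.sh
COPY ./loader.sh /root/loader.sh

ENTRYPOINT ["/root/loader.sh"]

##############################################################################################
# Stage: Download NVIDIA driver sources and install src driver container packages requirements
FROM base AS driver-src

# Inherited global args
ARG D_DOCA_VERSION
ARG D_OFED_VERSION
ARG D_CONTAINER_VER
ARG D_OFED_SRC_DOWNLOAD_PATH
ARG STIG_COMPLIANT

# Stage args
ARG D_OFED_BASE_URL="https://linux.mellanox.com/public/repo/doca/${D_DOCA_VERSION}/SOURCES/mlnx_ofed"
ARG D_OFED_SRC_TYPE=""
ARG D_OFED_SRC_ARCHIVE="MLNX_OFED_SRC-${D_OFED_SRC_TYPE}${D_OFED_VERSION}.tgz"
# although argument name says URL, local `*.tgz` compressed files may also be used (intended for internal use)
ARG D_OFED_URL_PATH="${D_OFED_BASE_URL}/${D_OFED_SRC_ARCHIVE}"

ENV NVIDIA_NIC_DRIVER_VER=${D_OFED_VERSION}
ENV NVIDIA_NIC_CONTAINER_VER=${D_CONTAINER_VER}
ENV NVIDIA_NIC_DRIVER_PATH="${D_OFED_SRC_DOWNLOAD_PATH}/MLNX_OFED_SRC-${D_OFED_VERSION}"

WORKDIR /root

# Mount RHEL subscription certificates so docker build can access subscription-gated repos.
# Pass the host entitlement directory via: --build-context rhsm=/etc/pki/entitlement
# (buildah inherits host entitlements automatically; docker requires explicit bind mount)
# The bind mount exists only while this RUN executes; this instruction does not copy
# the certificates into an image layer.
RUN --mount=type=bind,from=rhsm,source=.,target=/etc/pki/entitlement-host \
    set -x && \
    # Install prerequirements
    dnf install -y curl --allowerasing \
    # Driver build requirements
    autoconf python3-devel ethtool automake pciutils libtool hostname dracut \
    # Build tools needed by install.pl at runtime (avoids subscription-gated dnf at container start)
    elfutils-libelf-devel kernel-rpm-macros numactl-libs lsof rpm-build patch \
    gcc make bison flex \
    # DKMS is always installed in the dynamic (sources) image; install.pl is invoked at
    # container runtime and may build DKMS-enabled packages. Inherited by driver-builder too.
    dkms

# Download NVIDIA NIC driver
RUN mkdir -p "${D_OFED_SRC_DOWNLOAD_PATH}"
WORKDIR ${D_OFED_SRC_DOWNLOAD_PATH}
# ADD is kept here on purpose: with a URL it downloads the .tgz as a file, with a
# local tar archive it auto-extracts it into a directory of that name. The RUN below
# handles both outcomes.
# NOTE(review): the downloaded archive is not checked against a known digest before
# it is unpacked and later built as root. For URL sources consider
# `ADD --checksum=sha256:<expected-digest>` (placeholder; the digest is not listed in
# this file) or a sha256sum check ahead of the tar step.
ADD ${D_OFED_URL_PATH} ${D_OFED_SRC_ARCHIVE}
RUN if file "${D_OFED_SRC_ARCHIVE}" | grep compressed; then \
      tar -xzf "${D_OFED_SRC_ARCHIVE}"; \
    else \
      mv "${D_OFED_SRC_ARCHIVE}/MLNX_OFED_SRC-${D_OFED_VERSION}" . ; \
    fi

WORKDIR /root
COPY ./entrypoint.sh /root/entrypoint.sh
COPY ./dtk_nic_driver_build.sh /root/dtk_nic_driver_build.sh

# dockerfile COPY instruction limitation requires adding a file - even if it's an empty/dummy file
COPY stig-fixer.sh /tmp/stig-fixer.sh

# run STIG fixer script for STIG compliant image builds
# The script is removed afterwards in both cases; it runs only when STIG_COMPLIANT=true.
RUN set -x && \
    if [ "$STIG_COMPLIANT" = "true" ]; then \
      chmod +x /tmp/stig-fixer.sh && \
      /tmp/stig-fixer.sh ; \
    fi && \
    rm -f /tmp/stig-fixer.sh

ENTRYPOINT ["/root/loader.sh"]
CMD ["sources"]

LABEL doca-version=${D_DOCA_VERSION}
LABEL ofed-version=${D_OFED_VERSION}

#####################
# Stage: Build driver
FROM driver-src AS driver-builder

# Inherited global args
ARG D_OS
ARG D_KERNEL_VER
ARG OFED_SRC_LOCAL_DIR
ARG D_ENABLE_DKMS
ARG D_BUILD_EXTRA_ARGS

# Build driver - conditionally enable DKMS (same pattern as Ubuntu_Dockerfile)
# When D_ENABLE_DKMS=true, install.pl creates DKMS-enabled RPMs (source in /usr/src/, dkms.conf)
# When D_ENABLE_DKMS=false, install.pl creates static kernel modules (--without-dkms)
# Build toolchain (gcc, make, autoconf, rpm-build, dkms) is inherited from driver-src.
# D_BUILD_EXTRA_ARGS is expanded unquoted so that it can carry several extra flags.
RUN set -x && \
    if [ "$D_ENABLE_DKMS" = "true" ]; then \
      ${OFED_SRC_LOCAL_DIR}/install.pl --without-depcheck --distro ${D_OS} \
        --kernel ${D_KERNEL_VER} --kernel-sources /lib/modules/${D_KERNEL_VER}/build \
        --kernel-only --build-only \
        --without-iser --without-srp --without-isert --without-knem \
        --without-xpmem --without-xpmem-modules --without-xpmem-dkms \
        --with-mlnx-tools --with-ofed-scripts --copy-ifnames-udev ${D_BUILD_EXTRA_ARGS}; \
    else \
      ${OFED_SRC_LOCAL_DIR}/install.pl --without-depcheck --distro ${D_OS} \
        --kernel ${D_KERNEL_VER} --kernel-sources /lib/modules/${D_KERNEL_VER}/build \
        --kernel-only --build-only \
        --without-iser --without-srp --without-isert --without-knem \
        --without-xpmem --without-xpmem-modules \
        --with-mlnx-tools --with-ofed-scripts --copy-ifnames-udev --without-dkms ${D_BUILD_EXTRA_ARGS}; \
    fi

###################################
# Stage: Install precompiled driver
ARG D_FINAL_BASE_IMAGE
FROM $D_FINAL_BASE_IMAGE AS precompiled

# Inherited global args
ARG D_OS
ARG D_ARCH
ARG D_KERNEL_VER
ARG D_OFED_VERSION
ARG D_CONTAINER_VER
ARG OFED_SRC_LOCAL_DIR
ARG D_ENABLE_DKMS

ENV NVIDIA_NIC_DRIVER_VER=${D_OFED_VERSION}
ENV NVIDIA_NIC_DRIVER_PATH=""
ENV NVIDIA_NIC_CONTAINER_VER=${D_CONTAINER_VER}

# Only the built RPMs cross over from the builder stage; sources and toolchain stay behind.
COPY --from=driver-builder ${OFED_SRC_LOCAL_DIR}/RPMS/redhat-release-*/${D_ARCH}/*.rpm /root/

RUN rpm -ivh --nodeps /root/*.rpm

# As in the base stage, the EPEL key is imported and localpkg_gpgcheck is enabled so
# that the epel-release RPM fetched by URL is signature-checked before it is installed.
RUN set -x && \
    # MOFED functional requirements
    dnf install -y pciutils hostname udev ethtool \
    # Container functional requirements
    jq iproute kmod procps-ng udev && \
    # DKMS and kernel module build tools when DKMS enabled (runtime dkms add/build/install)
    if [ "$D_ENABLE_DKMS" = "true" ]; then \
      MAJOR_VER=$(echo "${D_OS}" | sed 's/rhel\([0-9]*\).*/\1/') && \
      rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-${MAJOR_VER} && \
      dnf install -y --setopt=localpkg_gpgcheck=1 \
        https://dl.fedoraproject.org/pub/epel/epel-release-latest-${MAJOR_VER}.noarch.rpm && \
      dnf install -y dkms gcc make bison flex elfutils-libelf-devel; \
    fi

# Prevent modprobe from giving a WARNING about missing files
RUN touch /lib/modules/${D_KERNEL_VER}/modules.order /lib/modules/${D_KERNEL_VER}/modules.builtin && \
    # Introduce installed kernel modules
    depmod ${D_KERNEL_VER}

WORKDIR /root
COPY ./entrypoint.sh /root/entrypoint.sh
COPY ./loader.sh /root/loader.sh
COPY --from=go_builder /workspace/build/entrypoint /root/entrypoint
COPY ./dtk_nic_driver_build.sh /root/dtk_nic_driver_build.sh

ENTRYPOINT ["/root/loader.sh"]
CMD ["precompiled"]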