#!/bin/sh

libexec="$(cd "$(dirname "$0")" && pwd)"
. "${libexec}/base.sh"

# shellcheck disable=SC2034
usage=$(cat <<EOF
Flatten a Docker image into a Charliecloud image tarball.

Usage:

  $ $(basename "$0") IMAGE OUTDIR

You must have sufficient privilege (via sudo) to run the Docker commands.
EOF
)

parse_basic_args "$@"

if [ "$#" -ne 2 ]; then
    usage
fi

image=$1
outdir=$2
tar=${outdir}/$(echo "$image" | sed 's/\//./g').tar

# Export the image to tarball.
echo "exporting"
cid=$(docker_ create --read-only "$image")
size=$(docker_ image inspect "$image" --format='{{.Size}}')
#docker_ ps -af "id=$cid"
docker_ export "$cid" | pv_ -s "$size" > "$tar"
docker_ rm "$cid" > /dev/null

# Add the Docker environment variables in ./environment for later consumption
# by "ch-run --set-env".
#
# 1. mktemp(1) isn't POSIX, but it seemed very likely to be installed if
#    Docker is, and I couldn't find a more portable way of securely creating
#    temporary files. (In particular, I would have preferred to pipe in the
#    data rather than creating and deleting a temporary file.)
#
# 2. Blocking factor 1 (-b1) for tar is a bug workaround. Without this switch,
#    tar 1.26, which is in RHEL, corrupts the tarball instead of appending to
#    it. This doesn't happen in 1.29 in Debian Stretch, and building GNU tar
#    from Git source was too hard, so I couldn't bisect a specific commit that
#    fixed the bug to learn what exactly was going on. (See PR #371.)
#
# 3. This assumes that the tarball from Docker does not have a single
#    top-level directory (i.e., is a tarbomb).
#
echo "adding environment"
temp=$(mktemp --tmpdir ch-docker2tar.XXXXXX)
docker_ inspect "$image" --format='{{range .Config.Env}}{{println .}}{{end}}' \
        > "$temp"
tar rf "$tar" -b1 -P --xform="s|${temp}|environment|" "$temp"
rm "$temp"

# Finish up.
echo "compressing"
cat "$tar" | pv_ -s "$size" | gzip_ -6 > "${tar}.gz"
rm "$tar"
ls -lh "${tar}.gz"
