# vim:ft=dockerfile

FROM phusion/baseimage:0.10.0

ENV DEBIAN_FRONTEND noninteractive
ENV HOME /root
ENV QUAYDIR /quay-registry
ENV QUAYCONF /quay-registry/conf
ENV QUAYPATH "."

RUN mkdir $QUAYDIR
WORKDIR $QUAYDIR

# This is so we don't break http golang/go#17066
# When Ubuntu has nginx >= 1.11.0 we can switch back.
ENV NGINX_GPGKEY 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \
    --keyserver-options timeout=10 --recv-keys "${NGINX_GPGKEY}"

RUN add-apt-repository --enable-source \
    "deb http://nginx.org/packages/ubuntu/ xenial nginx"

# Add Yarn repository until it is officially added to Ubuntu
RUN curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
    && add-apt-repository "deb https://dl.yarnpkg.com/debian/ stable main"

RUN curl -fsSL https://deb.nodesource.com/setup_8.x | bash -

# Install system packages
RUN apt-get update && apt-get upgrade -y \
    && apt-get install -y \
     dnsmasq           \
     g++               \
     gdb               \
     gdebi-core        \
     git               \
     jpegoptim         \
     libevent-2.0.5    \
     libevent-dev      \
     libffi-dev        \
     libfreetype6-dev  \
     libgpgme11        \
     libgpgme11-dev    \
     libjpeg62         \
     libjpeg62-dev     \
     libjpeg8          \
     libldap-2.4-2     \
     libldap2-dev      \
     libmagic1         \
     libpq-dev         \
     libpq5            \
     libsasl2-dev      \
     libsasl2-modules  \
     memcached         \
     monit             \
     nginx             \
     nodejs            \
     optipng           \
     openssl           \
     python-dbg        \
     python-dev        \
     python-pip        \
     python-virtualenv \
     yarn=0.22.0-1     \
     w3m # 13JUL2018

# Install nginx-module-vts
COPY scripts/build-nginx-vts.sh /tmp/build-nginx-vts.sh
RUN /tmp/build-nginx-vts.sh v0.1.18

# Install cfssl
RUN curl -fsSL -o /bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 \
    && curl -fsSL -o /bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 \
    && chmod 0755 /bin/cfssl /bin/cfssljson

# Install jwtproxy
RUN curl -fsSL -o /usr/local/bin/jwtproxy https://github.com/coreos/jwtproxy/releases/download/v0.0.1/jwtproxy-linux-x64 \
    && chmod +x /usr/local/bin/jwtproxy

# Install prometheus-aggregator
RUN curl -fsSL -o /usr/local/bin/prometheus-aggregator https://github.com/coreos/prometheus-aggregator/releases/download/v0.0.1-alpha/prometheus-aggregator \
    && chmod +x /usr/local/bin/prometheus-aggregator

# Install python dependencies
COPY requirements.txt requirements-tests.txt ./
RUN virtualenv --distribute venv \
    && venv/bin/pip install -r requirements.txt \
    && venv/bin/pip install -r requirements-tests.txt \
    && venv/bin/pip freeze

# Install front-end dependencies
COPY static/ package.json tsconfig.json webpack.config.js tslint.json yarn.lock ./
RUN yarn install --ignore-engines


RUN mkdir -p /etc/my_init.d /etc/systlog-ng /usr/local/bin /etc/monit $QUAYDIR/static/fonts $QUAYDIR/static/ldn /usr/local/nginx/logs/

RUN rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache
VOLUME ["/var/log", "/datastorage", "/tmp"]



RUN adduser memcached --disabled-login --system

WORKDIR $QUAYDIR

# Check python dependencies for the GPL
# Due to the following bug, pip results must be piped to a file before grepping:
# https://github.com/pypa/pip/pull/3304
RUN cat requirements.txt | grep -v "^-e" | awk -F'==' '{print $1}' | xargs venv/bin/pip --disable-pip-version-check show > pipinfo.txt && \
    test -z "$(cat pipinfo.txt | grep GPL | grep -v LGPL)" && \
    rm pipinfo.txt

# JS compile
COPY static static
RUN yarn build \
    && jpegoptim static/img/**/*.jpg \
    && optipng -clobber -quiet static/img/**/*.png

# Config app js compile
COPY config_app/ config_app/
RUN yarn build-config-app

COPY . .

RUN PYTHONPATH=$QUAYPATH venv/bin/python -m external_libraries

# Update local copy of AWS IP Ranges.
RUN curl -fsSL https://ip-ranges.amazonaws.com/ip-ranges.json -o util/ipresolver/aws-ip-ranges.json

# Set up the init system
RUN mkdir -p /etc/my_init.d /etc/systlog-ng /usr/local/bin /etc/monit static/fonts static/ldn /usr/local/nginx/logs/ \
    && cp $QUAYCONF/init/syslog-ng.conf /etc/syslog-ng/ \
    && cp $QUAYCONF/kill-buildmanager.sh /usr/local/bin/kill-buildmanager.sh \
    && cp $QUAYCONF/monitrc /etc/monit/monitrc \
    && chmod 0600 /etc/monit/monitrc \
    && cp $QUAYCONF/init/logrotate.conf /etc/logrotate.conf \
    && cp .git/HEAD GIT_HEAD \
    && rm -rf /etc/service/syslog-forwarder

RUN ln -s $QUAYCONF /conf

# Cleanup any NPM-related stuff.
# RUN apt-get remove -y --auto-remove python-dev g++ libjpeg62-dev libevent-dev libldap2-dev libsasl2-dev libpq-dev libffi-dev libgpgme11-dev nodejs jpegoptim optipng w3m \
#     && apt-get autoremove -y \
#     && apt-get clean
#     && rm -rf /root/.npm /.npm /usr/local/lib/node_modules /usr/share/yarn/node_modules \
#            /root/node_modules /node_modules /grunt
RUN PYTHONPATH=$QUAYPATH venv/bin/alembic heads | grep -E '^[0-9a-f]+ \(head\)$' > ALEMBIC_HEAD

RUN ./scripts/detect-config.sh

EXPOSE 443 8443 80

ENTRYPOINT ["/quay-registry/quay-entrypoint.sh"]