FROM registry.redhat.io/ubi7/ruby-26:2.6-82.1638432510

LABEL summary="3scale API Management platform main system." \
      description="3scale is an API Management Platform suitable \
                   to manage both internal and external API services. \
                   This image contains the platform main system \
                   including usage policies, access control, analytics, \
                   developer portal, and API documentation." \
      io.k8s.display-name="3scale API manager (system)" \
      io.k8s.description="3scale is an API Management Platform suitable \
                   to manage both internal and external API services. \
                   This image contains the platform main system \
                   including usage policies, access control, analytics, \
                   developer portal, and API documentation." \
      io.openshift.expose-services="3000:system,9306:system" \
      io.openshift.tags="integration, api management, 3scale, rhamp, developer portal, api documentation, api analytics"

# Labels consumed by Red Hat build service
LABEL com.redhat.component="3scale-amp-system-container" \
      name="3scale-amp2/system-rhel7" \
      maintainer="hramihaj@redhat.com" \
    version="1.15.1"

ENV BASH_ENV=/opt/app-root/etc/scl_enable \
   ENV=/opt/app-root/etc/scl_enable \
   PROMPT_COMMAND=". /opt/app-root/etc/scl_enable" \
   RAILS_ENV=production \
   SAFETY_ASSURED=1 \
   BUNDLE_WITHOUT=development:test \
   TZ=:/etc/localtime \
   BUNDLE_GEMFILE=Gemfile \
   GEMS_REPO=https://repository.jboss.org/nexus/content/groups/rubygems_store/ \
   NPM_REPO=https://repository.engineering.redhat.com/nexus/repository/registry.npmjs.org/ \
   NODE_OPTIONS="--max_old_space_size=4096" \
   NODEJS_SCL=rh-nodejs12 \
   npm_config_tarball=/tmp/node-v12.13.0-headers.tar.gz

EXPOSE 3000 9306

USER root

WORKDIR /opt/system

ARG BUILD_TYPE=brew

COPY $BUILD_TYPE.repo /etc/yum.repos.d/brew.repo

# required by node-pre-gyp to build node-canvas from source
# https://github.com/Automattic/node-canvas/wiki/Installation:-Fedora-and-other-RPM-based-distributions
RUN PKGS="ImageMagick ImageMagick-devel unixODBC-devel mariadb sphinx applydockerignore libaio file gcc-c++ cairo-devel pango-devel libjpeg-turbo-devel giflib-devel" \
    && yum -y install --setopt=tsflags=nodocs yum-utils \
    && yum-config-manager --enable rhel-7-server-optional-rpms \
    && yum-config-manager --enable rhel-server-rhscl-7-rpms \
    && yum -y install --setopt=tsflags=nodocs $PKGS $NODEJS_SCL \
    && rpm --verify --nogroup --nouser $PKGS \
    && yum -y clean all

# Copy source code into container
ADD porta-*.tar.gz /tmp
COPY node-v12.13.0-headers.tar.gz /tmp/

# Apply product patches (product uses internally-mirrored github repositories for the build) and remove unnecessary product code
RUN cd /tmp/porta-* \
    && /usr/bin/applydockerignore . \
    && rm -f /tmp/porta-*/openshift/system/sphinx*.rpm \
    && rm -rf /tmp/porta-*/portafly \
    && sed -i -e 's|github.com|code.engineering.redhat.com/gerrit|g' Gemfile* \
    && cd /opt/system \
    && cp -pR /tmp/porta-*/. .

RUN echo '{"revision": "2.11-stable", "release": "2.11"}' > /opt/system/.deploy_info

# install RH IT Root CA, so we can download sources from gerrit (code.engineering.redhat.com)
RUN curl -o /etc/pki/ca-trust/source/anchors/newca.crt https://password.corp.redhat.com/RH-IT-Root-CA.crt \
  && update-ca-trust extract

RUN source /opt/app-root/etc/scl_enable \
    && gem install --no-document bundler:2.2.25 --source $GEMS_REPO \
    && bundle config mirror.http://rubygems.org $GEMS_REPO \
    && bundle config mirror.https://rubygems.org $GEMS_REPO \
    && bundle install --verbose --deployment --jobs $(grep -c processor /proc/cpuinfo) --retry=5 --full-index

# Cache oracle gem dependencies. Those gems are open source and do not contain Oracle libraries
RUN source /opt/app-root/etc/scl_enable \
    && printf "source 'https://rubygems.org'\ngem 'activerecord-oracle_enhanced-adapter', '1.7.11'\ngem 'ruby-oci8', '2.2.6.1'\n" > Gemfile.oracle \
    && mv .bundle .bundle.bak \
    && BUNDLE_GEMFILE=Gemfile.oracle bundle package --no-install --all \
    && rm -rf Gemfile.oracle* .bundle \
    && mv .bundle.bak .bundle

RUN source /opt/app-root/etc/scl_enable \
    && npm config set strict-ssl=false \
    && npm config set registry=$NPM_REPO \
    && npm install -g yarn@1.22.0 \
    && yarn config set strict-ssl=false \
    && yarn config set registry=$NPM_REPO

RUN sed -i -e "s@https://registry.yarnpkg.com/\|https://registry.npmjs.org/@$NPM_REPO@g" yarn.lock

RUN source /opt/app-root/etc/scl_enable \
    && rm -rf node_modules \
    && yarn install:safe

RUN chgrp root /opt/system/ \
    && cp -pR config/docker/* ./config/ \
    && cp -pR openshift/system/config/* ./config/ \
    && cp -pR openshift/system/contrib/scl_enable /opt/app-root/etc/ \
    && yum -y remove applydockerignore \
    ImageMagick-devel unixODBC-devel bzip2-devel \
    ghostscript-devel jasper-devel libICE-devel libSM-devel \
    libXext-devel libXt-devel libtiff-devel gd-devel \
    gcc-c++ cairo-devel pango-devel libjpeg-turbo-devel giflib-devel $NODEJS_SCL rh-nodejs14

RUN source /opt/app-root/etc/scl_enable \
   && bundle exec rake tmp:create \
   && mkdir -p public/assets db/sphinx \
   && chmod g+w -vfR log tmp public/assets db/sphinx \
   && umask 0002 \
   && cd /opt/system \
   && bundle exec rake assets:precompile tmp:clear \
   && rm log/*.log \
   && rm -rf node_modules \
   && cp openshift/system/entrypoint.sh /opt/system/entrypoint.sh \
   && rm -rf /tmp/porta* /opt/system/openshift/system/sphinx*.rpm \
   && rm -rf /opt/system/vendor/oracle/ /opt/system/test/ /opt/system/spec/ /opt/system/features/ /opt/system/lib/proxy \
   && cp config/oracle/*.ini /etc/ \
   && rm -rf /var/cache/yum/* \
   && install -D /opt/system/doc/licenses/licenses.xml /root/licenses/3scale-amp-system-container/licenses.xml

# Remove Red Hat IT root Certificate Authority (CA). We don't need it in the final product.
RUN rm /etc/pki/ca-trust/source/anchors/newca.crt \
  && update-ca-trust extract

USER 1001

ENTRYPOINT ["/opt/system/entrypoint.sh"]
CMD ["unicorn", "-c", "config/unicorn.rb", "-E", "${RAILS_ENV}", "config.ru"]
