#@follow_tag(registry.redhat.io/rhscl/s2i-base-rhel7:1)
FROM registry.redhat.io/rhscl/s2i-base-rhel7:1-371.1661531720

# This image provides a Ruby environment you can use to run your Ruby
# applications.

EXPOSE 8080

ENV RUBY_MAJOR_VERSION=2 \
    RUBY_MINOR_VERSION=6

ENV RUBY_VERSION="${RUBY_MAJOR_VERSION}.${RUBY_MINOR_VERSION}" \
    RUBY_SCL_NAME_VERSION="${RUBY_MAJOR_VERSION}${RUBY_MINOR_VERSION}"

# Set SCL related variables in Dockerfile so that the collection is enabled by default
ENV RUBY_SCL="rh-ruby${RUBY_SCL_NAME_VERSION}" \
    IMAGE_NAME="rhscl/ruby-${RUBY_SCL_NAME_VERSION}-rhel7" \
    SUMMARY="Platform for building and running Ruby $RUBY_VERSION applications" \
    DESCRIPTION="Ruby $RUBY_VERSION available as container is a base platform for \
building and running various Ruby $RUBY_VERSION applications and frameworks. \
Ruby is the interpreted scripting language for quick and easy object-oriented programming. \
It has many features to process text files and to do system management tasks (as in Perl). \
It is simple, straight-forward, and extensible." \
    PATH="/opt/rh/rh-ruby${RUBY_SCL_NAME_VERSION}/root/usr/local/bin:/opt/rh/rh-ruby${RUBY_SCL_NAME_VERSION}/root/usr/bin:/opt/rh/${NODEJS_SCL}/root/usr/bin:${PATH}" \
    LD_LIBRARY_PATH="/opt/rh/rh-ruby${RUBY_SCL_NAME_VERSION}/root/usr/local/lib64:/opt/rh/rh-ruby${RUBY_SCL_NAME_VERSION}/root/usr/lib64:/opt/rh/${NODEJS_SCL}/root/usr/lib64" \
    X_SCLS="${NODEJS_SCL} rh-ruby${RUBY_SCL_NAME_VERSION}" \
    MANPATH="/opt/rh/rh-ruby${RUBY_SCL_NAME_VERSION}/root/usr/local/share/man:/opt/rh/rh-ruby${RUBY_SCL_NAME_VERSION}/root/usr/share/man:/opt/rh/${NODEJS_SCL}/root/usr/share/man:" \
    XDG_DATA_DIRS="/opt/rh/rh-ruby${RUBY_SCL_NAME_VERSION}/root/usr/local/share:/opt/rh/rh-ruby${RUBY_SCL_NAME_VERSION}/root/usr/share:/usr/local/share:/usr/share" \
    PKG_CONFIG_PATH="/opt/rh/rh-ruby${RUBY_SCL_NAME_VERSION}/root/usr/local/lib64/pkgconfig:/opt/rh/rh-ruby${RUBY_SCL_NAME_VERSION}/root/usr/lib64/pkgconfig"

LABEL summary="$SUMMARY" \
      description="$DESCRIPTION" \
      io.k8s.description="$DESCRIPTION" \
      io.k8s.display-name="Ruby ${RUBY_VERSION}" \
      io.openshift.expose-services="8080:http" \
      io.openshift.tags="builder,ruby,ruby${RUBY_SCL_NAME_VERSION},${RUBY_SCL}" \
      com.redhat.component="${RUBY_SCL}-container" \
      name="${IMAGE_NAME}" \
      version="${RUBY_VERSION}" \
      com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
      usage="s2i build https://github.com/sclorg/s2i-ruby-container.git --context-dir=${RUBY_VERSION}/test/puma-test-app/ ${IMAGE_NAME} ruby-sample-app" \
      maintainer="SoftwareCollections.org <sclorg@redhat.com>"

RUN yum install -y yum-utils && \
    prepare-yum-repositories rhel-server-rhscl-7-rpms && \
    INSTALL_PKGS=" \
      libffi-devel \
      ${RUBY_SCL} \
      ${RUBY_SCL}-ruby-devel \
      ${RUBY_SCL}-rubygem-rake \
      ${RUBY_SCL}-rubygem-bundler \
      " && \
    yum install -y --setopt=tsflags=nodocs ${INSTALL_PKGS} && \
    yum -y clean all --enablerepo='*' && \
    rpm -V ${INSTALL_PKGS}

# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH
COPY ./s2i/bin/ $STI_SCRIPTS_PATH

# Copy extra files to the image.
COPY ./root/ /

# Drop the root user and make the content of /opt/app-root owned by user 1001
RUN chown -R 1001:0 ${APP_ROOT} && chmod -R ug+rwx ${APP_ROOT} && \
    rpm-file-permissions

USER 1001

# Set the default CMD to print the usage of the language image
CMD $STI_SCRIPTS_PATH/usage

LABEL summary="3scale API Management platform main system." \
      description="3scale is an API Management Platform suitable \
                   to manage both internal and external API services. \
                   This image contains the platform main system \
                   including usage policies, access control, analytics, \
                   developer portal, and API documentation." \
      io.k8s.display-name="3scale API manager (system)" \
      io.k8s.description="3scale is an API Management Platform suitable \
                   to manage both internal and external API services. \
                   This image contains the platform main system \
                   including usage policies, access control, analytics, \
                   developer portal, and API documentation." \
      io.openshift.expose-services="3000:system,9306:system" \
      io.openshift.tags="integration, api management, 3scale, rhamp, developer portal, api documentation, api analytics"

# Labels consumed by Red Hat build service
LABEL com.redhat.component="3scale-amp-system-container" \
      name="3scale-amp2/system-rhel7" \
      maintainer="hramihaj@redhat.com" \
    version="1.16.0"

ENV BASH_ENV=/opt/app-root/etc/scl_enable \
   ENV=/opt/app-root/etc/scl_enable \
   PROMPT_COMMAND=". /opt/app-root/etc/scl_enable" \
   RAILS_ENV=production \
   SAFETY_ASSURED=1 \
   BUNDLE_WITHOUT=development:test \
   TZ=:/etc/localtime \
   BUNDLE_GEMFILE=Gemfile \
   NODE_OPTIONS="--max_old_space_size=4096" \
   NODEJS_SCL=rh-nodejs12 \
#   npm_config_tarball=/tmp/node-v12.13.0-headers.tar.gz \
   NPM_REPO=https://repository.engineering.redhat.com/nexus/repository/registry.npmjs.org/ \
   GEMS_REPO=https://origin-repository.jboss.org/nexus/content/groups/rubygems_store/
# if outside the VPN, use: GEMS_REPO=https://repository.jboss.org/nexus/content/groups/rubygems_store/

EXPOSE 3000 9306

USER root

WORKDIR /opt/system

ARG BUILD_TYPE=brew

COPY $BUILD_TYPE.repo /etc/yum.repos.d/brew.repo

# required by node-pre-gyp to build node-canvas from source
# https://github.com/Automattic/node-canvas/wiki/Installation:-Fedora-and-other-RPM-based-distributions
RUN PKGS="ImageMagick ImageMagick-devel unixODBC-devel mariadb sphinx applydockerignore libaio file gcc-c++ cairo-devel pango-devel libjpeg-turbo-devel giflib-devel" \
    && yum -y install --setopt=tsflags=nodocs yum-utils \
    && yum-config-manager --enable rhel-7-server-optional-rpms \
    && yum-config-manager --enable rhel-server-rhscl-7-rpms \
    && yum -y install --setopt=tsflags=nodocs $PKGS $NODEJS_SCL \
    && rpm --verify --nogroup --nouser $PKGS \
    && yum -y clean all

# Copy source code into container
ADD porta-*.tar.gz /tmp

# Copy the upstream sources from cachito integration
COPY $REMOTE_SOURCES $REMOTE_SOURCES_DIR

ENV npm_config_nodedir=${REMOTE_SOURCES_DIR}/nodejs/app

# Apply product patches (product uses internally-mirrored github repositories for the build) and remove unnecessary product code
RUN cd /tmp/porta-* \
    && /usr/bin/applydockerignore . \
    && rm -f /tmp/porta-*/openshift/system/sphinx*.rpm \
    && rm -rf /tmp/porta-*/portafly

RUN cd /tmp/porta-* \
    && sed -i -e 's|github.com|code.engineering.redhat.com/gerrit|g' Gemfile*

RUN cd /opt/system \
    && cp -pR /tmp/porta-*/. .

RUN echo '{"revision": "2.12-stable", "release": "2.12"}' > /opt/system/.deploy_info

# install RH IT Root CA, so we can download sources from gerrit (code.engineering.redhat.com)
RUN curl -o /etc/pki/ca-trust/source/anchors/newca.crt https://password.corp.redhat.com/RH-IT-Root-CA.crt \
  && update-ca-trust extract

RUN source /opt/app-root/etc/scl_enable \
    && gem install --no-document bundler:2.2.25 --source $GEMS_REPO \
    && bundle config mirror.http://rubygems.org $GEMS_REPO \
    && bundle config mirror.https://rubygems.org $GEMS_REPO \
    && bundle install --verbose --deployment --jobs $(grep -c processor /proc/cpuinfo) --retry=5 --full-index

# Cache oracle gem dependencies. Those gems are open source and do not contain Oracle libraries
RUN source /opt/app-root/etc/scl_enable \
    && printf "source 'https://rubygems.org'\ngem 'activerecord-oracle_enhanced-adapter'\ngem 'ruby-oci8'\n" > Gemfile.oracle \
    && cp Gemfile.lock Gemfile.oracle.lock \
    && mv .bundle .bundle.bak && mkdir .bundle \
    && bundle config set --local no_install true \
    && bundle config set --local cache_all true \
    && bundle package --gemfile=Gemfile.oracle \
    && rm -rf Gemfile.oracle* .bundle \
    && mv .bundle.bak .bundle

RUN source /opt/app-root/etc/scl_enable \
    && npm config set strict-ssl=false \
    && npm config set registry=$NPM_REPO \
    && npm install -g yarn@1.22.0 \
    && yarn config set strict-ssl=false \
    && yarn config set registry=$NPM_REPO

RUN sed -i -e "s@https://registry.yarnpkg.com/\|https://registry.npmjs.org/@$NPM_REPO@g" yarn.lock

RUN source /opt/app-root/etc/scl_enable \
    && rm -rf node_modules \
    && yarn install:safe

RUN chgrp root /opt/system/ \
    && cp -pR config/docker/* ./config/ \
    && cp -pR openshift/system/config/* ./config/ \
    && cp -pR openshift/system/contrib/scl_enable /opt/app-root/etc/ \
    && yum -y remove applydockerignore \
    ImageMagick-devel unixODBC-devel bzip2-devel \
    ghostscript-devel jasper-devel libICE-devel libSM-devel \
    libXext-devel libXt-devel libtiff-devel gd-devel \
    gcc-c++ cairo-devel pango-devel libjpeg-turbo-devel giflib-devel $NODEJS_SCL rh-nodejs14

RUN source /opt/app-root/etc/scl_enable \
   && bundle exec rake tmp:create \
   && mkdir -p public/assets db/sphinx \
   && chmod g+w -vfR log tmp public/assets db/sphinx \
   && umask 0002 \
   && cd /opt/system \
   && SECRET_KEY_BASE=rails/32947 bundle exec rake assets:precompile tmp:clear \
   && rm log/*.log \
   && rm -rf node_modules \
   && cp openshift/system/entrypoint.sh /opt/system/entrypoint.sh \
   && rm -rf /tmp/porta* /opt/system/openshift/system/sphinx*.rpm \
   && rm -rf /opt/system/vendor/oracle/ /opt/system/test/ /opt/system/spec/ /opt/system/features/ /opt/system/lib/proxy \
   && cp config/oracle/*.ini /etc/ \
   && rm -rf /var/cache/yum/* \
   && install -D /opt/system/doc/licenses/licenses.xml /root/licenses/3scale-amp-system-container/licenses.xml

# Remove Red Hat IT root Certificate Authority (CA). We don't need it in the final product.
RUN rm /etc/pki/ca-trust/source/anchors/newca.crt \
  && update-ca-trust extract

USER 1001

ENTRYPOINT ["/opt/system/entrypoint.sh"]
CMD ["unicorn", "-c", "config/unicorn.rb", "-E", "${RAILS_ENV}", "config.ru"]
