# 3scale Backend image using the Red Hat 8 Universal Base Image (UBI) for
# minimal space release.
#
# Everything is set up in a single RUN command.
#
# This is based on and tracking the behavior of the more generic Dockerfile.
#
# Knobs you should know about:
#
# - RUBY_VERSION: Ruby version used.
# - BUILD_DEPS: Packages needed to build/install the project.
# - PUMA_WORKERS: (edit ENV) Default number of Puma workers to serve the app.
#
#@follow_tag(registry.redhat.io/ubi8/ubi-minimal:8.6)
FROM registry.redhat.io/ubi8/ubi-minimal:8.6-994
# The base image is pinned to a specific build tag (8.6-994), not to a digest.
# NOTE(review): a tag can be re-pointed on the registry side; confirm whether
# the build service resolves it to a digest before treating this as reproducible.

# Descriptive labels. io.openshift.expose-services advertises port 3000 as
# "backend", the same port declared by EXPOSE at the end of this file.
LABEL summary="3scale API Management platform backend." \
      description="3scale is an API Management Platform suitable to manage both internal and external API services. This image contains the platform's backend, which takes care of applying rate limits, authorization, and reporting of HTTP(s) requests." \
      io.k8s.description="3scale is an API Management Platform suitable to manage both internal and external API services. This image contains the platform's backend, which takes care of applying rate limits, authorization, and reporting of HTTP(s) requests." \
      io.k8s.display-name="3scale API manager (backend)" \
      io.openshift.expose-services="3000:backend" \
      io.openshift.tags="api, backend, 3scale, 3scale-amp"

# Labels consumed by Red Hat build service
LABEL com.redhat.component="3scale-amp-backend-container" \
      maintainer="eastizle@redhat.com" \
      name="3scale-amp2/backend-rhel8" \
    version="1.16.0"

# Build-time knobs.
# RUBY_VERSION is written into the dnf module file as the ruby stream to enable.
ARG RUBY_VERSION="2.7"
# Toolchain and -devel packages installed before the gems are built.
ARG BUILD_DEPS="tar make file findutils git patch gcc automake autoconf libtool redhat-rpm-config openssl-devel ruby-devel"
# Only used to seed the PUMA_WORKERS environment variable below.
ARG PUMA_WORKERS=1

# Set TZ to avoid glibc wasting time with unneeded syscalls
# PUMA_WORKERS takes the value of the build argument of the same name, so the
# default is fixed when the image is built.
ENV TZ=:/etc/localtime \
    HOME=/home \
    # App-specific env
    RACK_ENV=production \
    CONFIG_SAAS=false \
    CONFIG_LOG_PATH=/tmp/ \
    CONFIG_WORKERS_LOG_FILE=/dev/stdout \
    PUMA_WORKERS=${PUMA_WORKERS} \
    GEMS_REPO=https://origin-repository.jboss.org/nexus/content/groups/rubygems_store/
# if outside the VPN, use: GEMS_REPO=https://repository.jboss.org/nexus/content/groups/rubygems_store/
# GEMS_REPO is the source for the bundler install and the mirror configured for
# rubygems.org further down, so gems in this image are resolved through it.

# BUILD_TYPE selects which <BUILD_TYPE>.repo file from the build context is
# installed as /etc/yum.repos.d/brew.repo.
# NOTE(review): the repo file is not part of this Dockerfile; confirm it keeps
# gpgcheck enabled, because it decides where the RPMs installed below come from.
ARG BUILD_TYPE=brew
COPY $BUILD_TYPE.repo /etc/yum.repos.d/brew.repo

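# Install the RH IT Root CA so sources can be downloaded from gerrit
# (code.engineering.redhat.com) during the build. A later RUN in this file
# removes the anchor again.
# --fail makes curl exit non-zero on an HTTP error, so an error page is never
# written to the anchors directory and the build stops instead.
# NOTE(review): the certificate is trusted exactly as downloaded; its
# fingerprint is not compared with a known value anywhere in this file.
RUN curl --fail -o /etc/pki/ca-trust/source/anchors/newca.crt https://password.corp.redhat.com/RH-IT-Root-CA.crt \
 && update-ca-trust extract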

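# Staging directory for the application tree; it is deleted by the install step
# once the gem has been unpacked under /opt/ruby.
WORKDIR "${HOME}/app"

# Copy sources
# ADD unpacks the local tarball, leaving the source tree at /tmp/apisonator-*.
# NOTE(review): nothing in this file deletes /tmp/apisonator-*, so the unpacked
# sources (including the rewritten Gemfiles) remain in the image.
ADD apisonator-*.tar.gz /tmp

# Apply product patches (product uses internally-mirrored github repositories for the build)
# Every "github.com" in the Gemfile* files is rewritten to the gerrit mirror
# before the tree is copied into the staging directory. The dot is escaped so
# that only the literal host name matches.
RUN cd /tmp/apisonator-* \
    && sed -i -e 's|github\.com|code.engineering.redhat.com/gerrit|g' Gemfile* \
    && cd "${HOME}/app/" \
    && cp -Rp /tmp/apisonator-*/* "${HOME}/app"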

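# Install Ruby and the build toolchain, install the gems and lay the application
# out under /opt/ruby, all in one layer:
#   1. enable the ruby module stream ${RUBY_VERSION}, update the base packages,
#      install ruby and ${BUILD_DEPS}, then clear the package manager cache;
#   2. replace the stock bundler with the version recorded under "BUNDLED WITH"
#      in Gemfile.on_prem.lock, installed from $GEMS_REPO;
#   3. point bundler at Gemfile.on_prem, skip the development and test groups
#      and route rubygems.org (http and https) through $GEMS_REPO;
#   4. build the apisonator gem, unpack it under /opt/ruby, delete the Gemfile*
#      files other than Gemfile.on_prem(.lock) and Gemfile.base, and run
#      bundle install in the unpacked directory;
#   5. symlink that directory to /opt/app, copy in the puma config, cron script
#      and entrypoint, delete the staging tree and create the run/log paths.
# The here-string and brace expansion below are bash features; presumably
# /bin/sh is bash in this base image.
# NOTE(review): "microdnf update" installs whatever the enabled repos serve at
# build time, so two builds from the same base tag can differ.
# NOTE(review): ${BUILD_DEPS} is never removed in this file, so the compiler
# toolchain and git are present in the final image.
RUN echo -e "[ruby]\nname=ruby\nstream=${RUBY_VERSION}\nprofiles=\nstate=enabled\n" > /etc/dnf/modules.d/ruby.module \
 && microdnf update --nodocs \
 && microdnf install --nodocs ruby \
 && chown -R 1001:1001 "${HOME}" \
 && microdnf install --nodocs ${BUILD_DEPS} \
 # Drop the downloaded package metadata and cache so it does not stay in this layer.
 && microdnf clean all \
 && mkdir -p "${HOME}/.gem/bin" \
 && echo "gem: --bindir ~/.gem/bin" > "${HOME}/.gemrc" \
 && gem uninstall --executables bundler \
 && BUNDLED_WITH=$(cat Gemfile.on_prem.lock | \
      grep -A 1 "^BUNDLED WITH$" | tail -n 1 | sed -e 's/\s//g') \
 && gem install -N bundler --version "${BUNDLED_WITH}" --source $GEMS_REPO \
 && echo Using $(bundle --version) \
 && bundle config --local silence_root_warning 1 \
 && bundle config --local disable_shared_gems 1 \
 && bundle config --local without development:test \
 && bundle config --local gemfile Gemfile.on_prem \
 && bundle config mirror.http://rubygems.org $GEMS_REPO \
 && bundle config mirror.https://rubygems.org $GEMS_REPO \
 && cp -n openshift/3scale_backend.conf /etc/ \
 && chmod 644 /etc/3scale_backend.conf \
 && BACKEND_VERSION=$(gem build apisonator.gemspec | \
      sed -n -e 's/^\s*Version\:\s*\([^[:space:]]*\)$/\1/p') \
 && gem unpack "apisonator-${BACKEND_VERSION}.gem" --target=/opt/ruby \
 && cd "/opt/ruby/apisonator-${BACKEND_VERSION}" \
 && cp -a ${HOME}/app/.bundle "/opt/ruby/apisonator-${BACKEND_VERSION}/" \
 && echo "Deleting the following unused Gemfile files:" \
 && find . -maxdepth 1 -regex \./Gemfile"\(\..*\)?" \
      ! -regex \./$(sed -e 's/[^^]/[&]/g; s/\^/\\^/g' <<< Gemfile.on_prem)"\(\.lock\)?" \
      ! -name Gemfile.base -print -delete \
 && bundle install --jobs $(grep -c processor /proc/cpuinfo) \
 && ln -s ${PWD} /opt/app \
 && cp ${HOME}/app/openshift/config/puma.rb ./config/ \
 && cp -n ${HOME}/app/openshift/backend-cron /usr/local/sbin/backend-cron \
 && cp -n ${HOME}/app/openshift/entrypoint.sh ./ \
 && rm -rf ${HOME}/app \
 # Run and log paths are created by root with group access (0770, g+rw).
 # NOTE(review): presumably the runtime user reaches them through its group; confirm.
 && mkdir -p -m 0770 /var/run/3scale/ \
 && mkdir -p -m 0770 /var/log/backend/ \
 && touch /var/log/backend/3scale_backend{,_worker}.log \
 && chmod g+rw /var/log/backend/3scale_backend{,_worker}.log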

# Set the sticky bit on /tmp, which CONFIG_LOG_PATH points at, so that entries
# there can only be removed by their owner.
RUN chmod +t /tmp

# Remove the RH IT Root CA anchor and regenerate the trust bundle, so the final
# filesystem no longer trusts it. The certificate file itself still exists in
# the earlier layer that downloaded it.
RUN rm /etc/pki/ca-trust/source/anchors/newca.crt \
  && update-ca-trust extract

# Collect the licenses.xml files found under /opt/ruby into the image's
# licenses directory.
# NOTE(review): every match is copied to the same file name, so if more than
# one is found only the last copy survives.
RUN mkdir -p /root/licenses/3scale-amp-backend-container && find /opt/ruby -name licenses.xml -exec cp '{}' /root/licenses/3scale-amp-backend-container/ \;

# Declares port 3000, the same port advertised in the
# io.openshift.expose-services label.
EXPOSE 3000

# Run as the numeric, non-root UID that was given ownership of ${HOME} during
# the build; every instruction from here on runs as that user.
USER 1001

# /opt/app is the symlink to the unpacked gem directory created during the build.
WORKDIR /opt/app

# Exec form: bash runs entrypoint.sh directly as the container's main process;
# "--" ends bash's own option parsing.
# NOTE(review): entrypoint.sh is not shown here; confirm it ends by exec-ing the
# server so that stop signals reach it.
ENTRYPOINT ["/bin/bash", "--", "/opt/app/entrypoint.sh"]
