FROM rhscl/ruby-25-rhel7:2.5-57.1584463510

LABEL summary="3scale API Management platform backend." \
      description="3scale is an API Management Platform suitable to manage both internal and external API services. This image contains the platform's backend, which takes care of applying rate limits, authorization, and reporting of HTTP(s) requests." \
      io.k8s.description="3scale is an API Management Platform suitable to manage both internal and external API services. This image contains the platform's backend, which takes care of applying rate limits, authorization, and reporting of HTTP(s) requests." \
      io.k8s.display-name="3scale API manager (backend)" \
      io.openshift.expose-services="3000:backend" \
      io.openshift.tags="api, backend, 3scale, 3scale-amp"

# Labels consumed by Red Hat build service
LABEL com.redhat.component="3scale-amp-backend-container" \
      maintainer="eastiz@redhat.com" \
      name="3scale-amp2/backend-rhel7" \
    version="1.11.0"

EXPOSE 3000

USER root

WORKDIR /tmp/app

ARG BUILD_TYPE=brew
COPY $BUILD_TYPE.repo /etc/yum.repos.d/brew.repo

RUN PKGS='iputils hostname' \
 && yum -y --setopt=tsflags=nodocs install $PKGS \
 && rpm -V $PKGS \
 && yum clean all -y

# install RH IT Root CA, so we can download sources from gerrit (code.engineering.redhat.com)
RUN curl -o /etc/pki/ca-trust/source/anchors/newca.crt https://password.corp.redhat.com/RH-IT-Root-CA.crt \
  && update-ca-trust extract

# Base image includes rh-nodejs8 packages not needed
RUN sed -i 's/\$NODEJS_SCL//' /opt/app-root/etc/scl_enable

RUN source /opt/app-root/etc/scl_enable \
 && gem env \
 && bundle config --local silence_root_warning 1 \
 && bundle config --local disable_shared_gems 1 \
 && bundle config --local without development:test \
 && bundle config --local gemfile Gemfile \
 && bundle config mirror.http://rubygems.org https://origin-repository.jboss.org/nexus/content/groups/rubygems_store/ \
 && bundle config mirror.https://rubygems.org https://origin-repository.jboss.org/nexus/content/groups/rubygems_store/

ADD apisonator-*.tar.gz /tmp
COPY extra-packages.txt /tmp
COPY extra-packages-yum.txt /tmp
RUN cd /tmp/app && cp -Rp /tmp/apisonator-*/* /tmp/app

RUN source /opt/app-root/etc/scl_enable \
 && cp -n openshift/3scale_backend.conf /etc/ \
 && chmod 644 /etc/3scale_backend.conf \
 && BACKEND_VERSION=$(gem build 3scale_backend.gemspec | \
      sed -n -e 's/^\s*Version\:\s*\([^\s]*\)$/\1/p') \
 && gem unpack *.gem --target=/opt/ruby \
 && cd "/opt/ruby/3scale_backend-${BACKEND_VERSION}" \
 && cp -a /tmp/app/.bundle "/opt/ruby/3scale_backend-${BACKEND_VERSION}/" \
 # Equivalent to upstream find.
 && mv Gemfile.on_prem Gemfile \
 && mv Gemfile.on_prem.lock Gemfile.lock \
# && mkdir vendor \
# && bundle package --no-install \
 
 # Fix to compile Puma C extensions. For some reason "bundle install" does not work correctly.
# && cd vendor/cache/puma*/ext/puma_http11 \
# && ruby extconf.rb \
# && make \
# && cp puma_http11.so ../../lib/puma \

# && cd "/opt/ruby/3scale_backend-${BACKEND_VERSION}" \
 && bundle install --deployment --jobs $(grep -c processor /proc/cpuinfo) --full-index \
 && ln -sf ${PWD} /opt/app \
 && cp /tmp/app/openshift/config/puma.rb ./config/ \
 && cp -n /tmp/app/openshift/backend-cron /usr/local/sbin/backend-cron \
 && cp -n /tmp/app/openshift/entrypoint.sh ./ \
 && rm -rf /tmp/app \
 && mkdir -p -m 0770 /var/run/3scale/ \
 && mkdir -p -m 0770 /var/log/backend/ \
 && touch /var/log/backend/3scale_backend{,_worker}.log \
 && chmod g+rw /var/log/backend/3scale_backend{,_worker}.log \
 && rm -rf /tmp/apisonator* \
 && yum -y remove git \
 && yum remove -y $(cat /tmp/extra-packages.txt) \
 && yum -y clean all \
# yum package is protected using yum package manager. Must be removed using rpm.
# Remove yum package and no longer required dependencies
 && rpm -e $(cat /tmp/extra-packages-yum.txt) \
 && rm -f /tmp/extra-packages*.txt

RUN rm /etc/pki/ca-trust/source/anchors/newca.crt \
  && update-ca-trust extract

RUN mkdir -p /root/licenses/3scale-amp-backend-container && find /opt/ruby -name licenses.xml -exec cp '{}' /root/licenses/3scale-amp-backend-container/ \;

WORKDIR /opt/app

USER 1001

ARG PUMA_WORKERS=1

# Set TZ to avoid glibc wasting time with unneeded syscalls
ENV TZ=:/etc/localtime \
    HOME=/tmp/ \
    ENV_SETUP=/opt/app-root/etc/scl_enable \
    # App-specific env
    RACK_ENV=production \
    CONFIG_SAAS=false \
    CONFIG_LOG_PATH=/tmp/ \
    CONFIG_NOTIFICATION_BATCH=1 \
    CONFIG_WORKERS_LOG_FILE=/dev/stdout \
    PUMA_WORKERS=${PUMA_WORKERS}

ENTRYPOINT ["/bin/bash", "--", "/opt/app/entrypoint.sh"]
