Dockerfile.base

FROM registry.fedoraproject.org/fedora:38
LABEL name="art-dash" \
      description="art-dash container image" \
      maintainer="OpenShift Automated Release Tooling (ART) Team <aos-team-art@redhat.com>"

# the build will need to run inside the firewall to access internal resources.
# Install Red Hat IT Root CA and RCM repos
RUN curl -o /etc/pki/ca-trust/source/anchors/2022-IT-Root-CA.pem --fail -L \
    https://certs.corp.redhat.com/certs/2022-IT-Root-CA.pem \
 && update-ca-trust extract \
 && curl -o /etc/yum.repos.d/rcm-tools-fedora.repo https://download.devel.redhat.com/rel-eng/RCMTOOLS/rcm-tools-fedora.repo \
 && dnf install -y \
    # runtime dependencies
    krb5-workstation git rsync \
    python3 python3-certifi python3-rpm python3-rhmsg \
    # development dependencies
    gcc krb5-devel python3-devel python3-pip \
    # other tools
    bash-completion vim tmux wget curl iputils procps-ng psmisc net-tools iproute \
    # install brewkoji
    koji brewkoji \
    mariadb-connector-c-devel openssl-devel \
 && dnf clean all \
 && python3 -m pip install --upgrade pip

# Install OpenShift Client
ARG OC_VERSION=candidate
RUN wget -O /tmp/openshift-client-linux-"$OC_VERSION".tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/"$OC_VERSION"/openshift-client-linux.tar.gz \
    && tar -C /usr/local/bin -xzf /tmp/openshift-client-linux-"$OC_VERSION".tar.gz oc kubectl \
    && rm /tmp/openshift-client-linux-"$OC_VERSION".tar.gz

# Create a non-root user
ARG USERNAME=dev
# On Linux, replace with your actual UID, GID if not the default 1000
ARG USER_UID=1000
ARG USER_GID=$USER_UID

# Create the "dev" user
RUN groupadd --gid "$USER_GID" "$USERNAME" \
    && useradd --uid "$USER_UID" --gid "$USER_GID" -m "$USERNAME" \
    && mkdir -p /workspaces/art-dash /workspaces/{elliott,doozer}{,-working-dir} /home/"$USERNAME"/.config/{elliott,doozer,art-dash} /home/"$USERNAME"/.docker \
    && chown -R "$USER_UID:$USER_GID" /home/"$USERNAME" /workspaces \
    && chmod -R 0755 /home/"$USERNAME" \
    && chmod -R 0777 /workspaces \
    && echo "$USERNAME ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/"$USERNAME" \
    && chmod 0440 /etc/sudoers.d/"$USERNAME"

# Setting HOME to dev user's and adding their bin to PATH
ENV HOME /home/"$USERNAME"
ENV PATH /home/"$USERNAME"/.local/bin:"$PATH"

# Install art-dash and default configs
COPY conf/krb5-redhat.conf /etc/krb5.conf

COPY container/doozer-settings.yaml /home/"$USERNAME"/.config/doozer/settings.yaml
COPY container/elliott-settings.yaml /home/"$USERNAME"/.config/elliott/settings.yaml

WORKDIR /workspaces/art-dash

USER "$USER_UID"
# Clone art-tools and install
RUN git clone https://github.com/openshift-eng/art-tools.git \
    && cd art-tools \
    && pip3 install -e artcommon/ -e doozer/ -e elliott/ -e pyartcd/ -e ocp-build-data-validator/

# Install dependencies from requirements.txt
COPY requirements.txt ./
RUN pip3 install --upgrade -r requirements.txt \
    && rm requirements.txt

EXPOSE 8080