# Builds community-ansible-dev-tools-container-base image which provides
# container-in-container support and all installs all binary dependencies
# cspell:ignore minrate,opencontainers,cffi,ruamel,subuid,subgid,workdir,chgrp,mountopt,microdnf,makecache,setcaps,pylibssh,chsh,nodev,overlayfs,libssh,markupsafe,additionalimage,USERNS
FROM community-ansible-dev-tools-base:latest

USER root

# When building for multiple-architectures in parallel using emulation
# it's really easy for one/more dnf processes to timeout or mis-count
# the minimum download rates.  Bump both to be extremely forgiving of
# an overworked host.
RUN echo -e "\n\n# Added during image build" >> /etc/dnf/dnf.conf && \
    echo -e "minrate=100\ntimeout=60\n" >> /etc/dnf/dnf.conf

LABEL org.opencontainers.image.source=https://github.com/ansible/ansible-dev-tools
LABEL org.opencontainers.image.authors="Ansible DevTools"
LABEL org.opencontainers.image.vendor="Red Hat"
LABEL org.opencontainers.image.licenses="GPL-3.0"
LABEL org.opencontainers.image.description="An execution environment targeted for Ansible content creators."


RUN microdnf -y makecache && microdnf -y update
RUN microdnf -y install shadow-utils
RUN rpm --setcaps shadow-utils 2>/dev/null
RUN \
microdnf install -y \
tar \
echo \
podman \
fuse-overlayfs \
openssh-clients \
zsh \
util-linux-user \
which \
git \
nano \
vim \
dumb-init \
# ansible-pylibssh needs:
gcc \
git-core \
libssh-devel \
python3-markupsafe \
# ansible-navigator needs:
ncurses \
oniguruma-devel \
python3-bcrypt \
python3-cffi \
python3-pip \
python3-pyyaml \
python3-ruamel-yaml \
python3-wheel \
--exclude container-selinux \
    && microdnf clean all \
    && ln -s /usr/bin/vim /usr/bin/vi

ARG _REPO_URL="https://raw.githubusercontent.com/containers/image_build/main/podman"
ADD $_REPO_URL/containers.conf /etc/containers/containers.conf

RUN chmod 644 /etc/containers/containers.conf

# Copy & modify the defaults to provide reference if runtime changes needed.
# Changes here are required for running with fuse-overlay storage inside container.
RUN sed -e 's|^#mount_program|mount_program|g' \
              -e '/additionalimage.*/a "/var/lib/shared",' \
              -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
              /usr/share/containers/storage.conf \
              > /etc/containers/storage.conf

# Note VOLUME options must always happen after the chown call above
# RUN commands can not modify existing volumes
VOLUME /var/lib/containers

RUN mkdir -p /var/lib/shared/overlay-images \
                /var/lib/shared/overlay-layers \
                /var/lib/shared/vfs-images \
                /var/lib/shared/vfs-layers && \
        touch /var/lib/shared/overlay-images/images.lock && \
        touch /var/lib/shared/overlay-layers/layers.lock && \
        touch /var/lib/shared/vfs-images/images.lock && \
        touch /var/lib/shared/vfs-layers/layers.lock

ENV _CONTAINERS_USERNS_CONFIGURED=""
ENV ANSIBLE_DEV_TOOLS_CONTAINER=1
ENV PIP_ROOT_USER_ACTION=ignore


# In OpenShift, container will run as a random uid number and gid 0. Make sure things
# are writeable by the root group.
RUN for dir in \
      /tmp/dist \
      /home/runner \
      /home/runner/.ansible \
      /home/runner/.ansible/tmp \
      /runner \
      /home/runner \
      /runner/env \
      /runner/inventory \
      /runner/project \
      /runner/artifacts ; \
    do mkdir -m 0775 -p $dir ; chmod -R g+rwx $dir ; chgrp -R root $dir ; done && \
    for file in \
      /home/runner/.ansible/galaxy_token \
      /etc/passwd \
      /etc/group ; \
    do touch $file ; chmod g+rw $file ; chgrp root $file ; done

# base ansible-dev-tools setup

COPY dist/*.whl /tmp/dist
RUN sh -ec -o pipefail "ls -1 /tmp/dist/*.whl | xargs -I '{}' python3 -m pip install --no-cache-dir '{}[server,lock]' && rm -rf /tmp/dist"

RUN \
mkdir -p ~/.ansible/roles /usr/share/ansible/roles /etc/ansible/roles && \
git config --system --add safe.directory /

# The dev container for docker runs as root
RUN chsh -s $(which zsh) root

RUN <<EOF
# Install argcomplete
python3 -m pip install argcomplete
activate-global-python-argcomplete
EOF

# Install oh-my-zsh
USER root
RUN sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

# add some helpful CLI commands to check we do not remove them inadvertently and output some helpful version information at build time.
RUN set -ex \
&& ansible --version \
&& ansible-lint --version \
&& ansible-runner --version \
&& molecule --version \
&& molecule drivers \
&& podman --version \
&& python3 --version \
&& git --version \
&& ansible-galaxy role list \
&& ansible-galaxy collection list \
&& rpm -qa \
&& uname -a

# Make a workdir usable by the root user
RUN mkdir -p /workdir

WORKDIR /workdir
ENTRYPOINT ["/opt/builder/bin/entrypoint", "dumb-init"]
CMD ["zsh"]
