ARG VERSION

# --------------------------------------------------------------------------------------------------
# Builder Image
# --------------------------------------------------------------------------------------------------
FROM cytopia/ansible:${VERSION} as builder
ARG VERSION

RUN set -eux \
	&& apk add --update --no-cache \
		curl

# Python packages (copied to final image)
RUN set -eux \
	&& if [ "${VERSION}" = "2.5" ]; then \
		pip3 install --no-cache-dir --no-compile dnspython mitogen==0.2.10; \
	elif [ "${VERSION}" = "2.6" ]; then \
		pip3 install --no-cache-dir --no-compile dnspython mitogen==0.2.10; \
	elif [ "${VERSION}" = "2.7" ]; then \
		pip3 install --no-cache-dir --no-compile dnspython mitogen==0.2.10; \
	elif [ "${VERSION}" = "2.8" ]; then \
		pip3 install --no-cache-dir --no-compile dnspython mitogen==0.2.10; \
	elif [ "${VERSION}" = "2.9" ]; then \
		pip3 install --no-cache-dir --no-compile dnspython mitogen==0.2.10; \
	else \
		pip3 install --no-cache-dir --no-compile dnspython mitogen; \
	fi \
	\
	&& pip3 install --no-cache-dir --no-compile \
		jmespath \
	\
	&& find /usr/lib/ -name '__pycache__' -print0 | xargs -0 -n1 rm -rf \
	&& find /usr/lib/ -name '*.pyc' -print0 | xargs -0 -n1 rm -rf

# Binaries (copied to final image)
RUN set -eux \
	&& if [ "$(uname -m)" = "aarch64" ]; then \
		ARCH="arm64"; \
	elif [ "$(uname -m)" = "x86_64" ]; then \
		ARCH="amd64"; \
	else \
		fail; \
	fi \
	\
	&& YQ="$( curl -L -sS --fail -o /dev/null -w %{url_effective} https://github.com/mikefarah/yq/releases/latest | sed 's/^.*\///g' )" \
	\
	&& curl -L -sS --fail "https://github.com/mikefarah/yq/releases/download/${YQ}/yq_linux_${ARCH}" > /usr/bin/yq \
	&& chmod +x /usr/bin/yq \
	\
	&& yq --version


# --------------------------------------------------------------------------------------------------
# Final Image
# --------------------------------------------------------------------------------------------------
FROM cytopia/ansible:${VERSION} as production
ARG VERSION
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.vendor"="cytopia"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.url"="https://github.com/cytopia/docker-ansible"
LABEL "org.opencontainers.image.documentation"="https://github.com/cytopia/docker-ansible"
LABEL "org.opencontainers.image.source"="https://github.com/cytopia/docker-ansible"
LABEL "org.opencontainers.image.ref.name"="Ansible ${VERSION} tools"
LABEL "org.opencontainers.image.title"="Ansible ${VERSION} tools"
LABEL "org.opencontainers.image.description"="Ansible ${VERSION} tools"

# Define uid/gid and user/group names
ENV \
	MY_USER=ansible \
	MY_GROUP=ansible \
	MY_UID=1000 \
	MY_GID=1000

# Add user and group
RUN set -eux \
	&& addgroup -g ${MY_GID} ${MY_GROUP} \
	&& adduser -h /home/ansible -s /bin/bash -G ${MY_GROUP} -D -u ${MY_UID} ${MY_USER} \
	\
	&& mkdir /home/ansible/.gnupg \
	&& chown ansible:ansible /home/ansible/.gnupg \
	&& chmod 0700 /home/ansible/.gnupg \
	\
	&& mkdir /home/ansible/.ssh \
	&& chown ansible:ansible /home/ansible/.ssh \
	&& chmod 0700 /home/ansible/.ssh

# Additional binaries
RUN set -eux \
	&& apk add --no-cache \
		bash \
		git \
		gnupg \
		jq \
		openssh-client

COPY --from=builder /usr/lib/python3.10/site-packages/ /usr/lib/python3.10/site-packages/
COPY --from=builder /usr/bin/yq /usr/bin/yq
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh

WORKDIR /data
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["/bin/bash"]
