Dockerfile.upstream

FROM openshift/origin-release:golang-1.11 AS builder

WORKDIR /go/src/github.com/operator-framework/operator-sdk

COPY . .

RUN make build/operator-sdk-dev-x86_64-linux-gnu VERSION=dev
ENV GO111MODULE=on
RUN build/operator-sdk-dev-x86_64-linux-gnu new tmp \
      --type=ansible \
      --kind=Tmp \
      --api-version=tmp.example.com/v1 \
 && cd tmp \
 && ../build/operator-sdk-dev-x86_64-linux-gnu migrate

FROM registry.access.redhat.com/ubi8/python-27

USER 0

RUN mkdir -p /etc/ansible \
    && echo "localhost ansible_connection=local" > /etc/ansible/hosts \
    && echo '[defaults]' > /etc/ansible/ansible.cfg \
    && echo 'roles_path = /opt/ansible/roles' >> /etc/ansible/ansible.cfg \
    && echo 'library = /usr/share/ansible/openshift' >> /etc/ansible/ansible.cfg

ENV OPERATOR=/usr/local/bin/ansible-operator \
    USER_UID=1001 \
    USER_NAME=ansible-operator\
    HOME=/opt/ansible

# Install python dependencies
RUN pip install --no-cache-dir ansible-runner ansible-runner-http openshift \
 && yum remove -y python-devel gcc \
 && yum clean all \
 && rm -rf /var/cache/yum

COPY --from=builder /go/src/github.com/operator-framework/operator-sdk/build/operator-sdk-dev-x86_64-linux-gnu ${OPERATOR}
COPY --from=builder /go/src/github.com/operator-framework/operator-sdk/tmp/library/k8s_status.py /usr/share/ansible/openshift/

# Ensure directory permissions are properly set
RUN mkdir -p ${HOME}/.ansible/tmp \
 && chown -R ${USER_UID}:0 ${HOME} \
 && chmod -R ug+rwx ${HOME} \
 && chmod g+rw /etc/passwd

RUN printf '#!/bin/bash -e\n\
if ! whoami &>/dev/null; then\n\
  if [ -w /etc/passwd ]; then\n\
    echo "${USER_NAME:-runner}:x:$(id -u):$(id -g):${USER_NAME:-runner} user:${HOME}:/sbin/nologin" >> /etc/passwd\n\
  fi\n\
fi\n\
exec ${OPERATOR} run ansible --watches-file=/opt/ansible/watches.yaml $@\n'\
> /usr/local/bin/entrypoint \
 && chmod +x /usr/local/bin/entrypoint

ENTRYPOINT ["init", "--", "${OPERATOR}", "run", "ansible", "--watches-file=/opt/ansible/watches.yaml", "$@"]

USER 1001