docker/c7n

# Dockerfiles are generated from tools/dev/dockerpkg.py

FROM ubuntu:22.04 as build-env

ARG POETRY_VERSION="1.4.0"
SHELL ["/bin/bash", "-c"]

# pre-requisite distro deps, and build env setup
RUN adduser --disabled-login --gecos "" custodian
RUN apt-get --yes update
RUN apt-get --yes install --no-install-recommends build-essential curl python3-venv python3-dev
RUN python3 -m venv /usr/local
RUN curl -sSL https://install.python-poetry.org | python3 - -y --version ${POETRY_VERSION}
ARG PATH="/root/.local/bin:$PATH"
WORKDIR /src

# Add core & aws packages
ADD pyproject.toml poetry.lock README.md /src/
RUN . /usr/local/bin/activate && pip install -qU pip wheel aws-xray-sdk psutil jsonpatch

# Ignore root first pass so if source changes we don't have to invalidate
# dependency install
RUN . /usr/local/bin/activate && poetry install --without dev --no-root

# Now install the root package, we used to do this after dependencies of other providers
# but since moving c7n to a main dependency in pyproject toml we have to do this one first.
ADD c7n /src/c7n/
RUN . /usr/local/bin/activate && poetry install --only-root

ARG providers="gcp azure kube openstack tencentcloud"
# Add provider packages
# We include `pyproject.toml` and `poetry.lock` first to allow
# cache of dependency installs.

ADD tools/c7n_gcp/pyproject.toml tools/c7n_gcp/poetry.lock /src/tools/c7n_gcp/
RUN if [[ " ${providers[*]} " =~ "gcp" ]]; then     . /usr/local/bin/activate &&     cd tools/c7n_gcp &&     poetry install --without dev --no-root; fi


ADD tools/c7n_azure/pyproject.toml tools/c7n_azure/poetry.lock /src/tools/c7n_azure/
RUN if [[ " ${providers[*]} " =~ "azure" ]]; then     . /usr/local/bin/activate &&     cd tools/c7n_azure &&     poetry install --without dev --no-root; fi


ADD tools/c7n_kube/pyproject.toml tools/c7n_kube/poetry.lock /src/tools/c7n_kube/
RUN if [[ " ${providers[*]} " =~ "kube" ]]; then     . /usr/local/bin/activate &&     cd tools/c7n_kube &&     poetry install --without dev --no-root; fi


ADD tools/c7n_openstack/pyproject.toml tools/c7n_openstack/poetry.lock /src/tools/c7n_openstack/
RUN if [[ " ${providers[*]} " =~ "openstack" ]]; then     . /usr/local/bin/activate &&     cd tools/c7n_openstack &&     poetry install --without dev --no-root; fi


ADD tools/c7n_tencentcloud/pyproject.toml tools/c7n_tencentcloud/poetry.lock /src/tools/c7n_tencentcloud/
RUN if [[ " ${providers[*]} " =~ "tencentcloud" ]]; then     . /usr/local/bin/activate &&     cd tools/c7n_tencentcloud &&     poetry install --without dev --no-root; fi


# Now install the root of each provider

ADD tools/c7n_gcp /src/tools/c7n_gcp
RUN if [[ " ${providers[*]} " =~ "gcp" ]]; then     . /usr/local/bin/activate &&     cd tools/c7n_gcp &&     poetry install --only-root; fi


ADD tools/c7n_azure /src/tools/c7n_azure
RUN if [[ " ${providers[*]} " =~ "azure" ]]; then     . /usr/local/bin/activate &&     cd tools/c7n_azure &&     poetry install --only-root; fi


ADD tools/c7n_kube /src/tools/c7n_kube
RUN if [[ " ${providers[*]} " =~ "kube" ]]; then     . /usr/local/bin/activate &&     cd tools/c7n_kube &&     poetry install --only-root; fi


ADD tools/c7n_openstack /src/tools/c7n_openstack
RUN if [[ " ${providers[*]} " =~ "openstack" ]]; then     . /usr/local/bin/activate &&     cd tools/c7n_openstack &&     poetry install --only-root; fi


ADD tools/c7n_tencentcloud /src/tools/c7n_tencentcloud
RUN if [[ " ${providers[*]} " =~ "tencentcloud" ]]; then     . /usr/local/bin/activate &&     cd tools/c7n_tencentcloud &&     poetry install --only-root; fi


RUN mkdir /output

FROM ubuntu:22.04

LABEL name="cli" \
      repository="http://github.com/cloud-custodian/cloud-custodian"

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get --yes update \
        && apt-get --yes install python3 python3-venv --no-install-recommends \
        && rm -Rf /var/cache/apt \
        && rm -Rf /var/lib/apt/lists/* \
        && rm -Rf /var/log/*

# These should remain below any other commands because they will invalidate
# the layer cache
COPY --from=build-env /src /src
COPY --from=build-env /usr/local /usr/local
COPY --from=build-env /output /output


RUN adduser --disabled-login --gecos "" custodian
USER custodian
WORKDIR /home/custodian
ENV LC_ALL="C.UTF-8" LANG="C.UTF-8"
VOLUME ["/home/custodian"]
ENTRYPOINT ["/usr/local/bin/custodian"]
CMD ["--help"]

LABEL "org.opencontainers.image.title"="cli"
LABEL "org.opencontainers.image.description"="Cloud Management Rules Engine"
LABEL "org.opencontainers.image.documentation"="https://cloudcustodian.io/docs"