FROM redhat/ubi8:8.8

ARG workdir \
    output_directory \
    psono_nqb_rhel_subs_secret_id

ENV WORKDIR=${workdir} \
    OUTPUT_DIRECTORY=${output_directory} \
    BASE_DIR=/usr/local/pf/lib/perl_modules

ENV PERL5LIB=/root/perl5/lib/perl5:${BASE_DIR}/lib/perl5/ \
    PKG_CONFIG_PATH=/usr/lib/pkgconfig/ \
    CPAN_BIN_PATH="/usr/bin/cpan" \
    CPAN_VERSION=2.36 \
    TINI_VERSION=v0.19.0

ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
RUN chmod +x /tini

WORKDIR ${WORKDIR}

COPY ./addons/packetfence-perl/dependencies.csv ./addons/packetfence-perl/build_package.sh ./addons/packetfence-perl/install_cpan.py ./addons/packetfence-perl/psono.py ${WORKDIR}

#Install python module
RUN dnf -y  upgrade && dnf -y  install python39 && python3.9 -m pip install -q  -U pip && pip install -q pynacl requests

RUN --mount=type=secret,id=PSONO_API_KEY_ID \
    --mount=type=secret,id=PSONO_API_KEY_SECRET_KEY \
    export PSONO_API_KEY_ID=$(cat /run/secrets/PSONO_API_KEY_ID) && \
    export PSONO_API_KEY_SECRET_KEY=$(cat /run/secrets/PSONO_API_KEY_SECRET_KEY) && \
    export REDHAT_USERNAME=$(set -e && python3  psono.py  --api_key_id=$PSONO_API_KEY_ID --api_key_secret_key=$PSONO_API_KEY_SECRET_KEY --secret_id=${psono_nqb_rhel_subs_secret_id} --return_value=username) && \
    export REDHAT_PASSWORD=$(set -e && python3  psono.py  --api_key_id=$PSONO_API_KEY_ID --api_key_secret_key=$PSONO_API_KEY_SECRET_KEY --secret_id=${psono_nqb_rhel_subs_secret_id} --return_value=password) && \
    sed -i 's/\(def in_container():\)/\1\n    return False/g' /usr/lib64/python*/*-packages/rhsm/config.py && \
    subscription-manager register --username $REDHAT_USERNAME --password $REDHAT_PASSWORD --auto-attach

RUN dnf install -y openssl-devel krb5-libs mariadb-devel systemd-devel gd-devel perl-open perl-experimental \
    perl-CPAN perl-IO-Socket-SSL perl-Net-SSLeay perl-Devel-Peek perl-CPAN-DistnameInfo && \ 
    dnf group install -y "Development Tools"

RUN subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms && \
    dnf -y module enable virt-devel && \
    dnf install -y libssh2-devel

RUN subscription-manager unregister

RUN mkdir -p ${WORKDIR}/rhel8 && \
    mkdir -p ${BASE_DIR}/lib/perl5/ \
    mkdir -p ${OUTPUT_DIRECTORY}

# 1. configure CPAN with defaults (answer yes)
# 2. override default conf to UNINST cpan after upgrade (seems mandatory for EL8)
RUN (echo o conf make_install_arg 'UNINST=1'; echo o conf commit)|PERL_MM_USE_DEFAULT=1 ${CPAN_BIN_PATH} &> /dev/null && \
# upgrade CPAN and show version
    ${CPAN_BIN_PATH} -i ANDK/CPAN-${CPAN_VERSION}.tar.gz &> /dev/null && ${CPAN_BIN_PATH} -D CPAN && \
# install modules in a specific directory
    set -o nounset -o errexit && (echo o conf makepl_arg "INSTALL_BASE=${BASE_DIR}"; echo o conf commit)|${CPAN_BIN_PATH} && \
# hard-coded due to quotes
    set -o nounset -o errexit && (echo o conf mbuildpl_arg '"--install_base /usr/local/pf/lib/perl_modules"' ; echo o conf commit)|${CPAN_BIN_PATH} && \
# allow to installed outdated dists
    set -o nounset -o errexit &&  (echo o conf allow_installing_outdated_dists 'yes'; echo o conf commit)|${CPAN_BIN_PATH} && \
# allow to downgrade installed modules automatically
# assertion at end of script will check everything is expected
    set -o nounset -o errexit && (echo o conf allow_installing_module_downgrades 'yes'; echo o conf commit)|${CPAN_BIN_PATH} && \
# use cpan.metacpan.org to get outdated modules
# disable pushy_https
    set -o nounset -o errexit &&  (echo o conf urllist 'https://cpan.metacpan.org'; echo o conf commit)|${CPAN_BIN_PATH} && \
    set -o nounset -o errexit &&  (echo o conf pushy_https '0'; echo o conf commit)|${CPAN_BIN_PATH} && \
#limit the cache to 100mb
    set -o nounset -o errexit &&  (echo o conf build_cache 100; echo o conf commit)|${CPAN_BIN_PATH} 

RUN /bin/bash -c "set -e && /tini -- python3 -u  install_cpan.py  -d dependencies.csv"

#remove logs
RUN rm -rf ${WORKDIR}/.cpan/build/*
