FROM ubuntu:xenial

ENV PATH=/virtualenv/bin:${PATH} \
    PROJECT=heat
ARG DOCKER_REPO=yaodu/openstack-requirements
ARG DOCKER_TAG=ubuntu
ARG WHEELS
ARG GIT_REPO=https://github.com/openstack/${PROJECT}
ARG GIT_REF
ARG GIT_REF_REPO=https://git.openstack.org/openstack/${PROJECT}

RUN set -x \
	&& apt-get update \
	&& apt-get install -y --no-install-recommends \
# Project specific packages start
		python \
# Project specific packages end
    && apt-get install -y --no-install-recommends ca-certificates curl git \
# common install start
    && if [ -n "$WHEELS" ]; then \
        curl -sSL ${WHEELS} > /tmp/wheels.tar.gz; \
       else \
        TOKEN=$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${DOCKER_REPO}:pull" | \
                    python -c "import sys, json; print json.load(sys.stdin)['token']") \
        && BLOB=$(curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/manifests/${DOCKER_TAG} | \
                    python -c "import sys, json; print json.load(sys.stdin)['fsLayers'][0]['blobSum']") \
        && curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/blobs/${BLOB} > /tmp/wheels.tar.gz; \
       fi \
    && git clone ${GIT_REPO} /tmp/${PROJECT} \
    && if [ -n "$GIT_REF" ]; then \
        git --git-dir /tmp/${PROJECT}/.git fetch ${GIT_REF_REPO} ${GIT_REF} \
        && git --git-dir /tmp/${PROJECT}/.git checkout FETCH_HEAD; \
       fi \
    && mkdir /tmp/packages \
    && tar xf /tmp/wheels.tar.gz -C /tmp/packages/ --strip-components=2 root/packages \
    && curl -sSL https://bootstrap.pypa.io/get-pip.py -o get-pip.py \
    && python get-pip.py \
    && rm get-pip.py \
    && pip install virtualenv \
    && virtualenv /virtualenv \
    && hash -r \
    && pip install --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt /tmp/${PROJECT} \
    && groupadd -g 42424 ${PROJECT} \
    && useradd -u 42424 -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /usr/sbin/nologin -c "${PROJECT} user" ${PROJECT} \
    && mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
    && chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
# common install end
# Project specific command block start
    && pip install --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \
    && cp -rfv /tmp/${PROJECT}/etc/heat/* /etc/${PROJECT}/ \
    && chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \
    && chown root:root /etc/${PROJECT}/policy.json \
# Project specific command block end
    && apt-get purge -y --auto-remove ca-certificates curl git \
    && rm -rf /var/lib/apt/lists/* /tmp/* /root/.cache \
    && find / -type f \( -name "*.pyc" -o -name "pip" -o -name "easy_install" -o -name "wheel" \) -delete