# COmanage Dockerfile
#
# Portions licensed to the University Corporation for Advanced Internet
# Development, Inc. ("UCAID") under one or more contributor license agreements.
# See the NOTICE file distributed with this work for additional information
# regarding copyright ownership.
#
# UCAID licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with the
# License. You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Build arguments that select the source images for the stages below. They are
# declared before the first FROM, so they can only be used in FROM lines until
# a stage declares them again.
ARG COMANAGE_MATCH_VERSION=develop
ARG COMANAGE_MATCH_BASE_IMAGE_VERSION=1
ARG COMANAGE_MATCH_I2_BASE_IMAGE_VERSION=1

# Stage "comanage": supplies the COmanage Match tree, the Apache include files,
# the shell helper libraries and the Match entrypoint copied further down.
# NOTE(review): the image name carries no registry prefix; presumably it is
# built locally before this build runs. Confirm the build pipeline always uses
# the intended image for this name.
FROM comanage-match-base:${COMANAGE_MATCH_VERSION}-${COMANAGE_MATCH_BASE_IMAGE_VERSION} AS comanage

# Stage "php-build": supplies the PHP Apache module, PHP libraries/headers and
# /usr/local/bin copied further down.
FROM comanage-match-internet2-tap-base:${COMANAGE_MATCH_I2_BASE_IMAGE_VERSION} AS php-build

# Final stage.
# NOTE(review): no tag or digest is given, so the build takes whatever "latest"
# resolves to at build time and two builds may not get the same base. Pin a tag,
# ideally with a digest. CentOS 7 reached end of life in June 2024, so confirm
# this base still receives security fixes before relying on it.
FROM centos/python-38-centos7

# The package installation and the writes under /etc below need root.
# No later USER instruction is visible in this Dockerfile, so root also stays
# the user the entrypoint runs as.
USER root

# Re-declare the build arguments inside this stage so their values are visible
# here. COMANAGE_MATCH_DIR has no global default and may be left unset.
ARG COMANAGE_MATCH_VERSION
ARG COMANAGE_MATCH_BASE_IMAGE_VERSION
ARG COMANAGE_MATCH_I2_BASE_IMAGE_VERSION
ARG COMANAGE_MATCH_DIR

# Persist the values into the runtime environment. The install directory falls
# back to /srv/comanage-match when the build argument is unset or empty.
ENV COMANAGE_MATCH_VERSION="${COMANAGE_MATCH_VERSION}" \
    COMANAGE_MATCH_BASE_IMAGE_VERSION="${COMANAGE_MATCH_BASE_IMAGE_VERSION}" \
    COMANAGE_MATCH_I2_BASE_IMAGE_VERSION="${COMANAGE_MATCH_I2_BASE_IMAGE_VERSION}" \
    COMANAGE_MATCH_DIR="${COMANAGE_MATCH_DIR:-/srv/comanage-match}"

# Record the same values as image labels. ENV overrides ARG of the same name
# from here on, so the directory label carries the defaulted value.
LABEL comanage_match_version="${COMANAGE_MATCH_VERSION}" \
      comanage_match_base_image_version="${COMANAGE_MATCH_BASE_IMAGE_VERSION}" \
      comanage_match_i2_base_image_version="${COMANAGE_MATCH_I2_BASE_IMAGE_VERSION}" \
      comanage_match_dir="${COMANAGE_MATCH_DIR}"

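# Remove the PostgreSQL packages (presumably shipped with the base image); the
# rh-postgresql13 client is installed below. The yum metadata is cleaned in the
# same layer so it does not persist in the image.
RUN yum -y remove \
        postgresql \
        postgresql-devel \
        postgresql-libs \
    && yum -y clean all \
    && rm -rf /var/cache/yum

# Enable EPEL, again cleaning up in the layer that created the cache.
RUN yum -y install epel-release \
    && yum -y clean all \
    && rm -rf /var/cache/yum

# Repository definition for the shibboleth package installed below.
# NOTE(review): the contents of shibboleth.repo are not visible here; confirm
# it sets gpgcheck=1 with a pinned gpgkey and uses an https baseurl, since
# packages from it are installed as root.
COPY shibboleth.repo /etc/yum.repos.d/

# Install the web server, Shibboleth SP and supporting libraries, then
# supervisor from PyPI.
# NOTE(review): "yum -y update" and the unpinned "pip install" calls make the
# result depend on the build date; pin versions (and hashes for the PyPI
# packages) if reproducible builds are required.
# NOTE(review): sudo and wget widen what a compromised process can do inside
# the container; confirm the entrypoint scripts actually need them.
RUN yum -y update && yum -y install \
        cronie \
        httpd \
        libargon2 \
        libcurl \
        libedit \
        libicu \
        libsodium \
        libxml2 \
        libxslt \
        mod_ssl \
        oniguruma \
        rh-postgresql13-postgresql \
        python-pip \
        shibboleth \
        sudo \
        wget \
        zlib \
    && pip install --no-cache-dir --upgrade pip \
    && pip install --no-cache-dir supervisor \
    && yum -y clean all \
    && rm -rf /var/cache/yum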

# PHP artifacts from the php-build stage: the Apache module, the PHP library
# and header trees, and everything in that stage's /usr/local/bin.
COPY --from=php-build /usr/lib64/httpd/modules/libphp.so /usr/lib64/httpd/modules/
COPY --from=php-build /usr/local/lib/php /usr/local/lib/php/
COPY --from=php-build /usr/local/include/php /usr/local/include/php/
COPY --from=php-build /usr/local/bin /usr/local/bin/

# COmanage Match artifacts from the comanage stage: the application tree (same
# path in both stages), Apache include files, helper libraries and the Match
# entrypoint.
COPY --from=comanage ${COMANAGE_MATCH_DIR} ${COMANAGE_MATCH_DIR}/
COPY --from=comanage \
     /etc/apache2/apache-include-directory-match \
     /etc/apache2/apache-include-virtual-host-port443-base \
     /etc/apache2/apache-include-virtual-host-port80-redirect \
     /etc/httpd/
COPY --from=comanage \
     /usr/local/lib/comanage_utils.sh \
     /usr/local/lib/comanage_shibboleth_sp_utils.sh \
     /usr/local/lib/
COPY --from=comanage /usr/local/bin/docker-comanage-match-entrypoint /usr/local/bin/

# Configuration and scripts from the build context, grouped by destination.
# These come after the stage copies, so a file of the same name from the build
# context replaces the one copied from a stage.
COPY 000-comanage.conf php.conf /etc/httpd/conf.d/
COPY 10-php.conf /etc/httpd/conf.modules.d/
COPY httpd.conf /etc/httpd/conf/
COPY shibd.logger native.logger /etc/shibboleth/
COPY supervisord.conf /usr/local/etc/supervisord.conf
COPY sendtierbeacon.sh \
     setupcron.sh \
     docker-comanage-entrypoint \
     docker-comanage-shibboleth-sp-entrypoint \
     docker-supervisord-entrypoint \
     /usr/local/bin/

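# Final filesystem adjustments for Apache, cron, the Match web root and
# Shibboleth.
#
# - Drops the stock autoindex/ssl/userdir/welcome snippets from conf.d.
# - Links cert.pem/privkey.pem in /etc/httpd to the localhost certificate and
#   key under /etc/pki/tls.
#   NOTE(review): that pair is presumably the self-signed one generated when
#   mod_ssl was installed during the build; if so, every container started from
#   this image shares the same private key. Deployments should supply their own
#   certificate and key at run time.
# - Makes the beacon and cron scripts executable and runs setupcron.sh from
#   /etc/httpd, the working directory it had in the original command chain.
# - Publishes the application web root as /var/www/html/match, empties the
#   local/ directory (declared as a volume later in this file) and gives
#   app/tmp to the apache user.
# - Removes the packaged shibboleth2.xml.
# - Disables mod_lua. The original command removed conf.modules.d/mod_lua.so,
#   but conf.modules.d holds .conf files; on the stock CentOS 7 httpd package
#   the LoadModule line for mod_lua is in 00-lua.conf, so "rm -f" on the .so
#   name succeeded without removing anything. Both paths are removed here;
#   verify with "httpd -M" in the built image.
#
# "${COMANAGE_MATCH_DIR:?}" aborts the step if the variable is ever empty, so
# the recursive delete can never expand to /local/*.
RUN rm -f /etc/httpd/conf.d/autoindex.conf \
          /etc/httpd/conf.d/ssl.conf \
          /etc/httpd/conf.d/userdir.conf \
          /etc/httpd/conf.d/welcome.conf \
    && cd /etc/httpd \
    && ln -s /etc/pki/tls/certs/localhost.crt cert.pem \
    && ln -s /etc/pki/tls/private/localhost.key privkey.pem \
    && chmod 755 /usr/local/bin/sendtierbeacon.sh \
                 /usr/local/bin/setupcron.sh \
    && /usr/local/bin/setupcron.sh \
    && ln -s "${COMANAGE_MATCH_DIR}/app/webroot" /var/www/html/match \
    && rm -rf "${COMANAGE_MATCH_DIR:?}"/local/* \
    && chown -R apache:apache "${COMANAGE_MATCH_DIR}/app/tmp" \
    && rm -f /etc/shibboleth/shibboleth2.xml \
    && rm -f /etc/httpd/conf.modules.d/00-lua.conf \
             /etc/httpd/conf.modules.d/mod_lua.so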

# The user name of the first administrator bootstrapped into the platform can
# be fixed at image build time through this argument; it can also be injected
# at run time through the entrypoint script.
ARG COMANAGE_MATCH_ADMIN_USERNAME

# When no build argument is given, fall back to a simple default intended to
# make evaluation of the platform easier. Deployments beyond evaluation should
# set their own value rather than keep this well-known name.
ENV COMANAGE_MATCH_ADMIN_USERNAME="${COMANAGE_MATCH_ADMIN_USERNAME:-match.admin}"

# Site-local Match configuration and the Shibboleth SP configuration live on
# volumes so they persist outside the container filesystem.
VOLUME ${COMANAGE_MATCH_DIR}/local /etc/shibboleth

# HTTP and HTTPS listeners (documentation only; ports are published at run time).
EXPOSE 80/tcp 443/tcp

# TIER Beacon Opt-out
#
# Completely uncomment the following ENV line to prevent the containers from
# sending analytics information to Internet2.  With the default/release
# configuration, it will only send product (Shibb/Grouper/COmanage) and version
# (3.3.1-17040, etc) once daily between midnight and 4am.  There is no
# configuration or private information collected or sent.  This data helps with
# the scaling and funding of TIER.  Please do not disable it if you find the
# TIER tools useful.  To keep it commented, keep multiple comments on the
# following line (to prevent other scripts from processing it).
#####     ENV TIER_BEACON_OPT_OUT True

# TIER release identifier and maintainer tag exposed to the running container.
# NOTE(review): the opt-out comment above says other scripts process lines of
# this file, so the form of these ENV lines is left exactly as written.
ENV TIER_RELEASE=231211
ENV TIER_MAINTAINER=tier

# Exec-form entrypoint, resolved through PATH (the script is copied to
# /usr/local/bin earlier in this file).
# NOTE(review): USER root is set earlier and no later USER instruction is
# visible, so this entrypoint and anything it starts begin as root; confirm
# that the services it launches drop privileges where they can.
ENTRYPOINT ["docker-supervisord-entrypoint"]