ARG PYTHON_VERSION=3.12.0
ARG PYTHON_VERSION_SHORT=3.12

FROM ubuntu:22.04 AS python

ARG PYTHON_VERSION
ARG PYTHON_VERSION_SHORT

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update -y \
    && apt-get install --no-install-recommends --no-install-suggests -y \
      ca-certificates \
      curl \
      gcc \
      gnupg \
      libbz2-dev \
      libev-dev \
      libffi-dev \
      libgdbm-dev \
      liblzma-dev \
      libncurses-dev \
      libreadline-dev \
      libsqlite3-dev \
      libssl-dev \
      make \
      tk-dev \
      wget \
      zlib1g-dev

RUN set -x \
    && mkdir -p /root/build \
    && cd /root/build \
    && curl -O https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz \
    && tar -xvzf Python-${PYTHON_VERSION}.tgz \
    && cd Python-${PYTHON_VERSION} \
    && ./configure \
      --prefix=/usr \
      --enable-optimizations \
    && make

FROM ubuntu:22.04

ARG PYTHON_VERSION
ARG PYTHON_VERSION_SHORT

ENV NODEJS_VERSION=22.x
ENV NVM_VERSION=0.40.1
ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update -y \
    && apt-get install --no-install-recommends --no-install-suggests -y \
      apt-transport-https \
      ca-certificates \
      curl \
      gcc \
      gnupg \
      libbz2-1.0 \
      libev4 \
      libffi8 \
      libgdbm6 \
      liblzma5 \
      libncurses6 \
      libreadline8 \
      libsqlite3-0 \
      make \
      openssl \
      sudo \
      tklib

RUN groupadd --gid 1000 runner \
    && adduser --home /workspace --shell /bin/sh --uid 1000 --gid 1000 --disabled-password runner \
    && adduser runner sudo \
    && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

RUN mkdir -p /usr/share/keyrings \
    && curl -fsSL https://packagecloud.io/github/git-lfs/gpgkey | gpg --dearmor -o /usr/share/keyrings/github_git-lfs.gpg \
    && chmod 0644 /usr/share/keyrings/github_git-lfs.gpg \
    && gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys E363C90F8F1B6217 \
    && gpg --export E363C90F8F1B6217 > /usr/share/keyrings/git-core_ppa.gpg \
    && gpg --batch --yes --delete-keys E363C90F8F1B6217 \
    && chmod 0644 /usr/share/keyrings/git-core_ppa.gpg \
    && . /etc/lsb-release \
    && echo "deb [signed-by=/usr/share/keyrings/git-core_ppa.gpg] https://ppa.launchpadcontent.net/git-core/ppa/ubuntu ${DISTRIB_CODENAME} main" | tee /etc/apt/sources.list.d/git-core_ppa.list > /dev/null \
    && echo "deb [signed-by=/usr/share/keyrings/github_git-lfs.gpg] https://packagecloud.io/github/git-lfs/ubuntu ${DISTRIB_CODENAME} main" | tee /etc/apt/sources.list.d/github_git-lfs.list > /dev/null \
    && apt-get update -y \
    && apt-get install --no-install-recommends --no-install-suggests \
      git \
      git-lfs

RUN set -x \
    && mkdir -p /usr/share/keyrings \
    && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg \
    && chmod 0644 /usr/share/keyrings/nodesource.gpg \
    && arch=$(dpkg --print-architecture) \
    && echo "deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODEJS_VERSION} nodistro main" | tee /etc/apt/sources.list.d/nodesource.list > /dev/null \
    && apt-get update \
    && apt-get install --no-install-recommends --no-install-suggests nodejs \
    && npm update --global npm \
    && npm install --global yarn \
    && curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v${NVM_VERSION}/install.sh | bash

COPY --from=python /root/build /tmp/build
RUN set -x \
    && cd /tmp/build/Python-${PYTHON_VERSION} \
    && make install \
    && cd ../ \
    && rm -r Python-${PYTHON_VERSION} \
    && ln -s /usr/lib/python${PYTHON_VERSION_SHORT}/bin/python${PYTHON_VERSION_SHORT} /usr/local/bin/python${PYTHON_VERSION_SHORT} \
    && ln -s /usr/local/bin/python${PYTHON_VERSION_SHORT} /usr/local/bin/python3 \
    && curl -O https://bootstrap.pypa.io/get-pip.py \
    && python3 get-pip.py \
    && rm get-pip.py \
    && python3 -m pip install \
      ansible \
      virtualenv

RUN cd /tmp/build \
    && curl -OL https://aka.ms/downloadazcopy-v10-linux \
    && tar -xvzf downloadazcopy-v10-linux \
    && rm downloadazcopy-v10-linux \
    && cp -r azcopy_linux_amd64_*/azcopy /usr/local/bin/ \
    && rm -r azcopy_linux_amd64_* \
    && chmod 0755 /usr/local/bin/azcopy \
    && ln -s /usr/local/bin/azcopy /usr/local/bin/azcopy10

RUN if [[ -f "/etc/fwupd/daemon.conf" ]]; then \
        sed -i 's/UpdateMotd=true/UpdateMotd=false/g' /etc/fwupd/daemon.conf; \
    fi

RUN echo 'session required pam_limits.so' >> /etc/pam.d/common-session \
    && echo 'session required pam_limits.so' >> /etc/pam.d/common-session-noninteractive \
    && echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf \
    && echo 'DefaultLimitSTACK=16M:infinity' >> /etc/systemd/system.conf \
    \
    && echo '* soft nofile 65536' >> /etc/security/limits.conf \
    && echo '* hard nofile 65536' >> /etc/security/limits.conf \
    \
    && echo '* soft stack 16384' >> /etc/security/limits.conf \
    && echo '* hard stack 16384' >> /etc/security/limits.conf

USER runner
WORKDIR /workspace