FROM debian:bullseye-20221114-slim@sha256:df172d92d287ec4d4a538e5db8026fcde5f91f5f90061423d69d6148ff05cc47

EXPOSE 8000

COPY ./requirements.txt /app/requirements.txt

RUN apt-get update \
    && apt-get install -y python3 python3-pip \
    && pip3 install -r /app/requirements.txt \
    && apt-get remove -y \
    gcc \
    curl \
    wget \
    python3-pip \
    python3-dev \
    && apt-get autoremove -y \
    && apt-get clean


# Remove setuid and setgid
RUN find / -xdev -perm /6000 -type f -exec chmod a-s {} \; || true

# Add user
RUN useradd soc_collector -u 1500 -s /usr/sbin/nologin

COPY ./src /app/src
COPY ./data/logging.json /app/logging.json
COPY ./data/collector-dev.soc.sunet.se.crt /app/collector-dev.soc.sunet.se.crt
COPY ./data/collector-dev.soc.sunet.se.key /app/collector-dev.soc.sunet.se.key
COPY ./data/collector_root_ca.crt /app/collector_root_ca.crt
COPY ./data/api_keys.txt /app/api_keys.txt
COPY ./data/healthcheck.sh /app/healthcheck.sh
COPY ./data/healthcheck.py /app/healthcheck.py

WORKDIR /app/

USER soc_collector

# Add healthcheck
HEALTHCHECK --interval=2m --timeout=15s --retries=1 --start-period=30s \
    CMD sh ./healthcheck.sh COLLECTOR || bash -c 'kill -s 15 1 && (sleep 7; kill -s 9 1)'

ENTRYPOINT ["uvicorn", "src.soc_collector.main:app", "--log-config", "./logging.json", "--host", "0.0.0.0", "--port", "8000", "--ssl-keyfile", "./collector-dev.soc.sunet.se.key", "--ssl-certfile", "./collector-dev.soc.sunet.se.crt", "--ssl-version", "2", "--workers", "1", "--header", "server:collector"]