From eec53d008abe22734a3446e9aa0f3b5ba8b590c5 Mon Sep 17 00:00:00 2001
From: Manuel Barkhau <mbarkhau@gmail.com>
Date: Wed, 15 Dec 2021 01:40:29 +0000
Subject: [PATCH] fix docker images

---
 Makefile.bootstrapit.make | 21 +++-------
 docker_base.Dockerfile    | 88 ++++++++++++++++++++++++++++-----------
 2 files changed, 69 insertions(+), 40 deletions(-)

diff --git a/Makefile.bootstrapit.make b/Makefile.bootstrapit.make
index feb1847..69fad70 100644
--- a/Makefile.bootstrapit.make
+++ b/Makefile.bootstrapit.make
@@ -600,19 +600,10 @@ dist_publish: bump_version dist_build dist_upload
 ##   4. You're using WSL but didn't do export DOCKER_HOST="tcp://localhost:2375"
 .PHONY: docker_build
 docker_build:
-	@if [[ -f "$(RSA_KEY_PATH)" ]]; then \
-		docker build \
-			--build-arg SSH_PRIVATE_RSA_KEY="$$(cat '$(RSA_KEY_PATH)')" \
-			--file docker_base.Dockerfile \
-			--tag $(DOCKER_BASE_IMAGE):$(DOCKER_IMAGE_VERSION) \
-			--tag $(DOCKER_BASE_IMAGE) \
-			.; \
-	else \
-		docker build \
-			--file docker_base.Dockerfile \
-			--tag $(DOCKER_BASE_IMAGE):$(DOCKER_IMAGE_VERSION) \
-			--tag $(DOCKER_BASE_IMAGE) \
-			.; \
-	fi
+	docker build \
+		--file docker_base.Dockerfile \
+		--tag $(DOCKER_BASE_IMAGE):$(DOCKER_IMAGE_VERSION) \
+		--tag $(DOCKER_BASE_IMAGE) \
+		.; \
 
-	docker push $(DOCKER_BASE_IMAGE)
+	# docker push $(DOCKER_BASE_IMAGE)
diff --git a/docker_base.Dockerfile b/docker_base.Dockerfile
index bc29ef7..20432e3 100644
--- a/docker_base.Dockerfile
+++ b/docker_base.Dockerfile
@@ -7,29 +7,69 @@
 #   base       : the final image containing only the required environment files,
 #                and none of the infrastructure required to generate them.
 
-FROM registry.gitlab.com/mbarkhau/bootstrapit/env_builder AS builder
-
-RUN mkdir /root/.ssh/ && \
-    ssh-keyscan gitlab.com >> /root/.ssh/known_hosts && \
-    ssh-keyscan registry.gitlab.com >> /root/.ssh/known_hosts
-
-ARG SSH_PRIVATE_RSA_KEY
-ENV ENV_SSH_PRIVATE_RSA_KEY=${SSH_PRIVATE_RSA_KEY}
-
-# Write private key and generate public key
-RUN if ! test -z "${ENV_SSH_PRIVATE_RSA_KEY}"; then \
-    echo -n "-----BEGIN RSA PRIVATE KEY-----" >> /root/.ssh/id_rsa && \
-    echo -n ${ENV_SSH_PRIVATE_RSA_KEY} \
-    | sed 's/-----BEGIN RSA PRIVATE KEY-----//' \
-    | sed 's/-----END RSA PRIVATE KEY-----//' \
-    | sed 's/ /\n/g' \
-    >> /root/.ssh/id_rsa && \
-    echo -n "-----END RSA PRIVATE KEY-----" >> /root/.ssh/id_rsa && \
-    chmod 600 /root/.ssh/* && \
-    ssh-keygen -y -f /root/.ssh/id_rsa > /root/.ssh/id_rsa.pub; \
-    fi
+# This is the image used both by env_builder and also for the
+# base images of a project, which contain all of its
+# dependencies.
+#
+# Generated using:
+#   $ git clone git@gitlab.com:mbarkhau/bootstrapit.git
+#   $ cd bootstrapit
+#   bootstrapit $ make build_docker
+#
+# pushes to registry.gitlab.com/mbarkhau/bootstrapit/root
+FROM debian:bullseye-slim AS root
+
+ENV LC_ALL=C.UTF-8
+ENV LANG=C.UTF-8
+ENV LANGUAGE en_US.UTF-8
+
+ENV SHELL /bin/bash
+
+RUN apt-get update && \
+    apt-get install --yes bash make sed grep gawk curl git bzip2 unzip;
+
+CMD [ "/bin/bash" ]
+
+
+FROM root AS builder
+
+# -------------------------
+
+# This image is used for temporary stages that set up
+# the project specific dependencies, before they
+# are copied to the base image of a project.
+#
+# Generated using:
+#   $ git clone git@gitlab.com:mbarkhau/bootstrapit.git
+#   $ cd bootstrapit
+#   bootstrapit $ make build_docker
+#
+# pushes to registry.gitlab.com/mbarkhau/bootstrapit/env_builder
+
+RUN apt-get --yes install ca-certificates openssh-client;
+
+ENV CONDA_DIR /opt/conda
+ENV PATH $CONDA_DIR/bin:$PATH
+
+# The latest version of conda can be newer than the latest
+# version for which an installer is available. Further
+# down we invoke "conda update --all" to update to the lates
+# version. This Marker is incremented when we know such an
+# update was published and want to update the image.
+ENV MINICONDA_VERSION_MARKER 4.10.3
+ENV MINICONDA Miniconda3-latest-Linux-x86_64.sh
+ENV MINICONDA_URL https://repo.continuum.io/miniconda/$MINICONDA
+
+RUN curl -L "$MINICONDA_URL" --silent -o miniconda3.sh && \
+    /bin/bash miniconda3.sh -f -b -p $CONDA_DIR && \
+    rm miniconda3.sh && \
+    /opt/conda/bin/conda clean -tipy && \
+    ln -s /opt/conda/etc/profile.d/conda.sh /etc/profile.d/conda.sh && \
+    echo ". /opt/conda/etc/profile.d/conda.sh" >> ~/.bashrc && \
+    echo "conda activate base" >> ~/.bashrc && \
+    conda update --all --yes && \
+    conda config --set auto_update_conda False
 
-ADD requirements/ requirements/
 ADD scripts/ scripts/
 
 ADD Makefile.bootstrapit.make Makefile.bootstrapit.make
@@ -43,8 +83,6 @@ RUN make build/envs.txt
 ADD requirements/ requirements/
 RUN make conda
 
-RUN rm -f /root/.ssh/id_rsa
-
 # Deleting pkgs implies that `conda install`
 # will have to pull all packages again.
 RUN conda clean --all --yes
@@ -62,7 +100,7 @@ RUN conda clean --all --yes && \
     rm -rf /opt/conda/pkgs/
 
 
-FROM registry.gitlab.com/mbarkhau/bootstrapit/root
+FROM root
 
 COPY --from=builder /opt/conda/ /opt/conda/
 COPY --from=builder /vendor/ /vendor