FROM debian:bookworm-slim

ARG USER="mta"
ARG USER_HOME_DIR="/home/${USER}"
ENV HOME ${USER_HOME_DIR}

RUN set -ex \
  && apt-get update \
  && apt-get install -y openssl --no-install-recommends \
  && rm -rf /var/lib/apt/lists/* \
  # smoke test
  && openssl version \
  && useradd --home-dir ${USER_HOME_DIR} \
            --create-home \
            --shell /bin/bash \
            --user-group \
            --uid 1000 \
            --comment 'Cloud MTA Build Tool' \
            --password "$(echo weUseMta | openssl passwd -1 -stdin)" ${USER} \
  # allow anybody to write into the image user home directory
  && chmod a+w ${USER_HOME_DIR} \
  && apt-get remove --purge --autoremove -y openssl

ADD http://aia.pki.co.sap.com/aia/SAP%20Global%20Root%20CA.crt \
    /etc/ssl/certs/SAP_Global_Root_CA.crt

ARG NODE_VERSION=18.20.2

RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
    && case "${dpkgArch##*-}" in \
      amd64) ARCH='x64';; \
      ppc64el) ARCH='ppc64le';; \
      s390x) ARCH='s390x';; \
      arm64) ARCH='arm64';; \
      armhf) ARCH='armv7l';; \
      i386) ARCH='x86';; \
      *) echo "unsupported architecture"; exit 1 ;; \
    esac \
    && set -ex \
    && apt-get update \
    # libatomic1 for arm
    && apt-get install -y ca-certificates curl gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
    && rm -rf /var/lib/apt/lists/* \
    && export GNUPGHOME="$(mktemp -d)" \
    && for key in \
      4ED778F539E3634C779C87C6D7062848A1AB005C \
      141F07595B7B3FFE74309A937405533BE57C7D57 \
      74F12602B6F1C4E913FAA37AD3A89613643B6201 \
      61FC681DFB92A079F1685E77973F295594EC4689 \
      8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
      C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
      890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
      C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
      108F52B48DB57BB0CC439B2997B01419BD92F80A \
      DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
      A6023530FC53461FEC91F99C04CD3F2FDE079578 \
    ; do \
      gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
      gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
    done \
    && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
    && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
    && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
    && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
    && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
    && rm -rf "$GNUPGHOME" "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
    && apt-mark auto '.*' > /dev/null \
    && find /usr/local -type f -executable -exec ldd '{}' ';' \
      | awk '/=>/ { print $(NF-1) }' \
      | sort -u \
      | xargs -r dpkg-query --search \
      | cut -d: -f1 \
      | sort -u \
      | xargs -r apt-mark manual \
    && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
    && ln -s /usr/local/bin/node /usr/local/bin/nodejs \
    # smoke tests
    && node --version \
    && npm --version

ARG YARN_VERSION=1.22.19

RUN set -ex \
  && savedAptMark="$(apt-mark showmanual)" \
  && apt-get update \
  && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
  && rm -rf /var/lib/apt/lists/* \
  && export GNUPGHOME="$(mktemp -d)" \
  && for key in \
    6A010C5166006599AA17F08146C2130DFD2497F5 \
  ; do \
    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
  done \
  && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
  && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
  && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
  && mkdir -p /opt \
  && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
  && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
  && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
  && rm -rf "$GNUPGHOME" yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
  && apt-mark auto '.*' > /dev/null \
  && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \
  && find /usr/local -type f -executable -exec ldd '{}' ';' \
    | awk '/=>/ { print $(NF-1) }' \
    | sort -u \
    | xargs -r dpkg-query --search \
    | cut -d: -f1 \
    | sort -u \
    | xargs -r apt-mark manual \
  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
  # smoke test
  && yarn --version

ARG SAPMACHINE_VERSION=11.0.23

ENV JAVA_HOME /opt/jdk

RUN sapmachine_install() { \
    SAPMACHINE_MAJOR_VERSION=$(echo ${SAPMACHINE_VERSION} | cut -d. -f1); \
    ARCH=; \
    dpkgArch="$(dpkg --print-architecture)"; \
    case "${dpkgArch##*-}" in \
      amd64) ARCH='amd64';; \
      *) echo "unsupported architecture"; exit 1 ;; \
    esac; \
    apt-get update; \
    apt-get install -y ca-certificates gnupg dirmngr --no-install-recommends; \
    rm -rf /var/lib/apt/lists/*; \
    export GNUPGHOME="$(mktemp -d)"; \
    for key in \
      CACB9FE09150307D1D22D82962754C3B3ABCFE23 \
    ; do \
      gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
      gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
    done; \
    chmod 644 /etc/apt/trusted.gpg.d/sapmachine.gpg; \
    echo "deb http://dist.sapmachine.io/debian/${ARCH}/ ./" | tee /etc/apt/sources.list.d/sapmachine.list; \
    apt-get update; \
    apt-get install -y sapmachine-${SAPMACHINE_MAJOR_VERSION}-jdk=${SAPMACHINE_VERSION} --no-install-recommends; \
    rm -rf "$GNUPGHOME" /var/lib/apt/lists/*; \
    apt-get remove --purge --autoremove -y ca-certificates gnupg dirmngr; \
    ln -s /usr/lib/jvm/sapmachine-${SAPMACHINE_MAJOR_VERSION} ${JAVA_HOME}; \
  }; \
  sapjvm_install() { \
    ARCH=; \
    dpkgArch="$(dpkg --print-architecture)"; \
    case "${dpkgArch##*-}" in \
      amd64) ARCH='x64';; \
      ppc64el) ARCH='ppc64le';; \
      *) echo "unsupported architecture"; exit 1 ;; \
    esac; \
    apt-get update; \
    apt-get install -y ca-certificates curl libarchive-tools --no-install-recommends; \
    rm -rf /var/lib/apt/lists/*; \
    curl -fsSLO --compressed -b 'eula_3_2_agreed=tools.hana.ondemand.com/developer-license-3_2.txt' https://tools.hana.ondemand.com/additional/sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip; \
    echo "cd82a1286f1853669a5bdac74a26807179feced9  sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip" | sha1sum -c -; \
    bsdtar -xvf sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip -C /usr/local --strip-components=1 --no-same-owner; \
    rm -f sapjvm-${SAPMACHINE_VERSION}-linux-${ARCH}.zip; \
    apt-get remove --purge --auto-remove -y ca-certificates curl libarchive-tools; \
    ln -s /usr/local ${JAVA_HOME}; \
  } \
  && set -ex \
  && if [ $(echo ${SAPMACHINE_VERSION} | cut -d. -f1) -le 8 ]; then \
      sapjvm_install; \
    else \
      sapmachine_install; \
    fi \
  # smoke test
  && java -version

ARG MAVEN_VERSION=3.9.6
ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries

ENV MAVEN_HOME /usr/share/maven
ENV M2_HOME ${MAVEN_HOME}

RUN set -ex \
  && apt-get update \
  && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
  && rm -rf /var/lib/apt/lists/* \
  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
  && export GNUPGHOME="$(mktemp -d)" \
  && for key in \
    29BEA2A645F2D6CED7FB12E02B172E3E156466E8 \
  ; do \
    gpg --batch --keyserver hkps://pgp.surf.nl --recv-keys "$key" || \
    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
  done \
  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
  && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
  && rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
  && chmod -R a+w ${MAVEN_HOME}/conf/* \
  && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
  && apt-get remove --purge --autoremove -y ca-certificates curl gnupg dirmngr \
  # smoke test
  && mvn --version

ARG MBT_VERSION=1.2.27

RUN set -ex \
  && npm install -g --unsafe-perm mbt@${MBT_VERSION} \
  && npm cache clean -g --force \
  # smoke test
  && mbt --version

# SAP e-Mobility requirements
RUN set -ex \
  && apt-get update \
  && apt-get install -y ca-certificates build-essential python3 --no-install-recommends \
  && rm -rf /var/lib/apt/lists/* \
  # smoke test
  && python3 --version

# Allow global npm packages install without sudo
RUN set -ex \
  && mkdir ${USER_HOME_DIR}/.npm-global \
  && mkdir ${USER_HOME_DIR}/.npm-global/lib \
  && chown -R ${USER}:${USER} ${USER_HOME_DIR}
ENV NPM_CONFIG_PREFIX ${USER_HOME_DIR}/.npm-global

WORKDIR /project
USER ${USER}