zuul-operator/build/Dockerfile

FROM quay.io/operator-framework/ansible-operator:v0.13.0

# Install extra requirements
USER root

# See: https://github.com/operator-framework/operator-sdk/issues/2384
RUN pip3 install --upgrade openshift

# unarchive: bzip2 and tar
# generate zuul ssh-keys or certificate: openssh and openssl
RUN dnf install -y bzip2 tar openssh openssl

# Not ideal, but that works. Generated from https://github.com/podenv/hub/blob/master/runtimes/download.dhall
RUN python3 -c 'import sys, pathlib, urllib.request;from hashlib import sha256;fail = lambda s: (print(s), exit(1));u, h = sys.argv[1], sys.argv[2];output = pathlib.Path("/bin").expanduser();local = pathlib.Path("~/.cache/podenv/buildStore").expanduser() / h;notLocal = not local.exists() or sha256(local.read_bytes()).hexdigest() != h;print(u + ": downloading") if notLocal else True;req = urllib.request.urlopen(u) if notLocal else True;data = req.read() if notLocal else local.read_bytes();digest = sha256(data).hexdigest();fail(u + ": expected " + h + "got " + digest) if digest != h else True;local.parent.mkdir(parents=True, exist_ok=True);local.write_bytes(data) if notLocal else True;print(u + ": extracted to " + str(output));from subprocess import Popen, PIPE;p = Popen("tar -xf - --strip-components=2 -j --mode='a+x' -C".split() + [str(output)], stdin=PIPE);p.communicate(data);fail(u + ": failed to extract") if p.wait() else True' \
  https://github.com/dhall-lang/dhall-haskell/releases/download/1.28.0/dhall-json-1.6.0-x86_64-linux.tar.bz2 b9917603fa58295f211dde384c073f8482343d445ad9bfab8919ae2eaca6bda7 && rm -Rf ~/.cache/

# Back to the default operator user
USER 1001

# Copy configuration
COPY conf/ ${HOME}/conf/

# Cache external dhall requirements
RUN echo 'let Prelude = ~/conf/Prelude.dhall let Kubernetes = ~/conf/Kubernetes.dhall let k8s = ~/conf/KubernetesUnion.dhall in "OK"' | env dhall-to-json

# Copy ansible operator requirements
COPY watches.yaml ${HOME}/watches.yaml
COPY roles ${HOME}/roles