FROM alpine:3.7
MAINTAINER Disassembler <disassembler@dasm.cz>

RUN \
 # Install Python2 runtime
 apk --no-cache add python2

RUN \
 # Install runtime XML dependencies
 apk --no-cache add libxml2 libxslt

RUN \
 # Install runtime dependencies
 apk --no-cache add libffi libressl uwsgi-python

RUN \
 # Install build dependencies
 apk --no-cache add --virtual .deps build-base git libffi-dev libressl-dev libxml2-dev libxslt-dev py2-pip python2-dev \
 # Install CKAN DataPusher
 && mkdir -p /srv/ckan-datapusher \
 && cd /srv/ckan-datapusher \
 && pip install -U setuptools \
 && pip install -e 'git+https://github.com/ckan/datapusher.git#egg=datapusher' \
 # Hackfix the X509_STORE_CTX wrapper
 && sed -i 's/\[security\]//' /srv/ckan-datapusher/src/datapusher/requirements.txt \
 && pip install -r /srv/ckan-datapusher/src/datapusher/requirements.txt \
 # Create OS user
 && addgroup -S -g 8004 ckan-datapusher \
 && adduser -S -u 8004 -h /srv/ckan-datapusher -s /bin/false -g ckan-datapusher -G ckan-datapusher ckan-datapusher \
 && chown -R ckan-datapusher:ckan-datapusher /srv/ckan-datapusher \
 # Cleanup
 && apk --no-cache del .deps \
 && find /srv/ckan-datapusher/src -name '.git*' -exec rm -rf {} + \
 && rm -rf /root/.cache

COPY docker/ /

RUN \
 # Hackfix the self-signed certificate verification
 cd /usr/lib/python2.7/site-packages \
 && patch -p0 </srv/ckan-datapusher/ssl_verify.patch

VOLUME ["/etc/ckan-datapusher", "/srv/ckan-datapusher/data"]
EXPOSE 8004

USER ckan-datapusher
CMD ["uwsgi", "--plugin", "python", "--http-socket", "0.0.0.0:8004", "--wsgi-file", "/etc/ckan-datapusher/datapusher.wsgi", "--enable-threads"]