FROM ruby
MAINTAINER Disassembler <disassembler@dasm.cz>

RUN \
 # Install runtime dependencies
 apk --no-cache add libpq

RUN \
 # Install build dependencies
 apk --no-cache add --virtual .deps build-base git linux-headers openjdk8-jre-base paxctl postgresql-dev \
 # Fix grsec attributes to loosen memory protection restrictions
 && paxctl -cm /usr/lib/jvm/java-1.8-openjdk/jre/bin/java \
 && paxctl -cm /usr/lib/jvm/java-1.8-openjdk/bin/java \
 # Clone ODK Build
 && git clone --depth 1 https://github.com/opendatakit/build /srv/odkbuild \
 # Install Ruby dependencies
 && cd /srv/odkbuild \
 && bundle install --without test \
 && rake deploy:build \
 # Create OS user
 && addgroup -S -g 8016 odkbuild \
 && adduser -S -u 8016 -h /srv/odkbuild -s /bin/false -g odkbuild -G odkbuild odkbuild \
 && chown -R odkbuild:odkbuild /srv/odkbuild \
 # Cleanup
 && apk --no-cache del .deps \
 && find /srv/odkbuild -name '.git*' -exec rm -rf {} + \
 && rm -rf /root/.bundle

# VOLUME ["/srv/crisiscleanup/config"]
EXPOSE 8016

USER odkbuild
WORKDIR /srv/odkbuild
CMD ["bundle", "exec", "rackup", "config.ru", "-o", "0.0.0.0", "-p", "8016"]