FROM python2
MAINTAINER Disassembler <disassembler@dasm.cz>

RUN \
 # Install runtime dependencies
 apk --no-cache add libffi libressl uwsgi-python

RUN \
 # Install build dependencies
 apk --no-cache add --virtual .deps build-base git libffi-dev libressl-dev libxml2-dev libxslt-dev py2-pip python2-dev \
 # Install CKAN DataPusher
 && mkdir -p /srv/ckan-datapusher \
 && cd /srv/ckan-datapusher \
 && pip install -U setuptools \
 && pip install -e 'git+https://github.com/ckan/datapusher.git#egg=datapusher' \
 # Hackfix the X509_STORE_CTX wrapper
 && sed -i 's/\[security\]//' /srv/ckan-datapusher/src/datapusher/requirements.txt \
 && pip install -r /srv/ckan-datapusher/src/datapusher/requirements.txt \
 # Create OS user
 && addgroup -S -g 8004 ckandp \
 && adduser -S -u 8004 -h /srv/ckan-datapusher -s /bin/false -g ckandp -G ckandp ckandp \
 && chown -R ckandp:ckandp /srv/ckan-datapusher \
 # Cleanup
 && apk --no-cache del .deps \
 && find /srv/ckan-datapusher/src -name '.git*' -exec rm -rf {} + \
 && rm -rf /root/.cache

VOLUME ["/etc/ckan-datapusher", "/srv/ckan-datapusher/data"]
EXPOSE 8080

USER ckandp
CMD ["uwsgi", "--plugin", "python", "--http-socket", "0.0.0.0:8080", "--wsgi-file", "/etc/ckan-datapusher/datapusher.wsgi", "--enable-threads"]