FROM registry.hub.docker.com/library/buildpack-deps:testing as repo-key
WORKDIR /gnupghome
ENV GNUPGHOME /gnupghome
# hadolint ignore=DL4006
RUN curl https://www.mongodb.org/static/pgp/server-4.4.asc | gpg --dearmor > mongodb.gpg
RUN curl https://packages.cloud.google.com/apt/doc/apt-key.gpg > google-cloud.gpg
# hadolint ignore=DL4006
RUN curl https://cli-assets.heroku.com/apt/release.key | gpg --dearmor > heroku.gpg
# hadolint ignore=DL4006
RUN curl https://apt.releases.hashicorp.com/gpg | gpg --dearmor > hashicorp.gpg
# hadolint ignore=DL4006
RUN curl https://dl.cloudsmith.io/public/cloudposse/packages/gpg.7333C6FDEFA717CC.key | gpg --dearmor > cloudposse.gpg

FROM registry.hub.docker.com/library/buildpack-deps:testing
SHELL ["/bin/bash", "-o", "pipefail", "-xc"]
# hadolint ignore=DL3008
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        ca-certificates \
        gnupg \
    && \
    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
COPY --from=repo-key /gnupghome/mongodb.gpg /usr/share/keyrings/mongodb.gpg
COPY --from=repo-key /gnupghome/google-cloud.gpg /usr/share/keyrings/google-cloud.gpg
COPY --from=repo-key /gnupghome/heroku.gpg /usr/share/keyrings/heroku.gpg
COPY --from=repo-key /gnupghome/hashicorp.gpg /usr/share/keyrings/hashicorp.gpg
COPY --from=repo-key /gnupghome/cloudposse.gpg /usr/share/keyrings/cloudposse.gpg
COPY --chown=root:root sources.d/* /etc/apt/sources.list.d/
COPY --chown=root:root preferences.d/* /etc/apt/preferences.d/
# hadolint ignore=DL3008,DL3013,DL3027
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
        adb \
        apache2-utils \
        aspell-he \
        aws-vault \
        bash-completion \
        bats \
        bc \
        bundler \
        bzr \
        cmake \
        composer \
        consul \
        dbus-x11 \
        default-jdk-headless \
        default-mysql-client \
        devscripts \
        direnv \
        dnsutils \
        docker.io \
        dos2unix \
        easy-rsa \
        entr \
        expect \
        flatpak \
        flatpak-builder \
        flatpak-xdg-utils \
        ftp \
        fuse \
        gh \
        gir1.2-glib-2.0 \
        gir1.2-ostree-1.0 \
        gnupg \
        golang \
        gomplate \
        google-cloud-sdk \
        go-md2man \
        gpgv \
        helm \
        'helm2=2.16.10' \
        heroku \
        hugo \
        hunspell \
        hunspell-he \
        hyphen-en-us \
        ipcalc \
        iproute2 \
        iputils-ping \
        iputils-tracepath \
        jp \
        keyutils \
        kops \
        krb5-config \
        kubernetes-client \
        ldap-utils \
        less \
        libcairo2-dev \
        libcap2-bin \
        libcurl4-gnutls-dev \
        libdbus-1-dev \
        libgirepository1.0-dev \
        libldap2-dev \
        libnotify-bin \
        libpq-dev \
        libprotobuf-dev \
        libsasl2-dev \
        libsecret-tools \
        libyaml-dev \
        lsof \
        man-db \
        mariadb-client \
        meson \
        minikube \
        mlocate \
        mongodb-database-tools \
        mythes-en-us \
        netcat-openbsd \
        nodejs \
        npm \
        ostree \
        packer \
        php-cli \
        podman \
        postgresql-client \
        protobuf-compiler \
        python3-dev \
        python3-pip \
        python3-venv \
        rclone \
        redis-tools \
        rename \
        reprepro \
        rsync \
        ruby-dev \
        sharutils \
        shellcheck \
        signify-openbsd \
        subversion \
        sudo \
        swaks \
        systemd \
        task-english \
        task-hebrew \
        task-ssh-server \
        telnet \
        terraform \
        terragrunt \
        time \
        tmux \
        transmission-cli \
        ttyrec \
        udftools \
        unison \
        vagrant \
        vault \
        vcdimager \
        vim-nox \
        w3m-img \
        whois \
        zip \
    && \
    chmod 755 /usr/share/helm/latest/bin/ /usr/share/helm/2/bin /usr/share/kops/latest/bin/ && \
    sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/; s/# en_IL UTF-8/en_IL UTF-8/; s/# he_IL.UTF-8 UTF-8/he_IL.UTF-8 UTF-8/;' /etc/locale.gen && \
    locale-gen && \
    git clone https://github.com/Homebrew/brew /usr/local/share/brew && \
    ln -s /usr/local/share/brew/bin/brew /usr/local/bin/brew && \
    brew install --force-bottle \
        envconsul \
        kompose \
        kustomize \
        rke \
        skaffold \
        tfenv \
    && \
    brew cleanup --prune=all -s && \
    ln --symbolic --target /etc/bash_completion.d/ /usr/local/etc/bash_completion.d/* && \
    python3 -m pip install --use-deprecated=legacy-resolver \
        ansible \
        ansible-runner \
        awscli \
        awslogs \
        bcrypt \
        black \
        colorama \
        boto \
        boto3 \
        cookiecutter \
        cryptography \
        dnspython \
        docker \
        docker-compose \
        elasticsearch-curator \
        elasticsearch[async] \
        fabric \
        flit \
        github3.py \
        Glances \
        gunicorn \
        hashin \
        httpbin \
        httpie \
        identify \
        importlab \
        invoke \
        khal \
        khard \
        magic-wormhole \
        'mariadb<1.1.0' \
        mycli \
        netaddr \
        paramiko \
        parse \
        passhole \
        passlib \
        pgcli \
        pipenv \
        poetry \
        pre-commit \
        protobuf \
        psycopg2 \
        pur \
        pygments \
        pymongo \
        PyMySQL \
        PyGObject \
        pyopenssl \
        'python-gitlab[autocompletion,yaml]' \
        redis \
        remarshal \
        requests \
        sh \
        template \
        todoman \
        tox \
    && \
    export GOPATH=/usr/local/lib/go && \
    mkdir "$GOPATH" && \
    go get github.com/keybase/client/go/keybase && \
    go install -tags production github.com/keybase/client/go/keybase && \
    go get github.com/keybase/client/go/kbfs/kbfsfuse && \
    export GO111MODULE=on && \
    go get github.com/giantswarm/semver-bump && \
    go get github.com/nishanths/license/v5 && \
    go get github.com/spelufo/on-change && \
    go get github.com/kaorimatz/mysqldump-loader@v0.4.1 && \
    go get github.com/lucagrulla/cw && \
    go get github.com/genuinetools/reg@v0.16.1 && \
    wget 'https://git.shore.co.il/shore/toolbox-build/-/jobs/artifacts/master/raw/toolbox.tar.gz?job=build' -O /tmp/toolbox.tar.gz && \
    tar -xzf /tmp/toolbox.tar.gz -C /usr/local/ && \
    wget https://raw.githubusercontent.com/rabbitmq/rabbitmq-server/v3.8.16/deps/rabbitmq_management/bin/rabbitmqadmin -O /usr/local/bin/rabbitmqadmin && \
    chmod +x /usr/local/bin/rabbitmqadmin && \
    mkdir /usr/local/share/bfg && \
    wget 'https://search.maven.org/remote_content?g=com.madgag&a=bfg&v=LATEST' -O /usr/local/share/bfg/bfg.jar && \
    for i in 0.12 0.13 0.14 0.15 1.0; do tfenv install "latest:^$i"; done && \
    tfenv install latest && \
    tfenv use latest && \
    pipenv --completion > /etc/bash_completion.d/pipenv && \
    rabbitmqadmin --bash-completion  > /etc/bash_completion.d/rabbitmqadmin && \
    poetry completions bash > /etc/bash_completion.d/poetry && \
    register-python-argcomplete gitlab > /etc/bash_completion.d/gitlab && \
    invoke --print-completion-script bash > /etc/bash_completion.d/invoke && \
    fab --print-completion-script bash > /etc/bash_completion.d/fabric && \
    helm completion bash > /etc/bash_completion.d/helm && \
    semver-bump completion bash > /etc/bash_completion.d/semver-bump && \
    wget https://raw.githubusercontent.com/docker/compose/1.29.2/contrib/completion/bash/docker-compose -O /etc/bash_completion.d/docker-compose && \
    wget https://raw.githubusercontent.com/ansible-community/molecule/1.25.1/asset/bash_completion/molecule.bash-completion.sh -O /etc/bash_completion.d/molecule && \
    wget https://github.com/mrolli/packer-bash-completion/raw/master/packer -O /etc/bash_completion.d/packer && \
    mkdir /etc/krb5.conf.d && \
    echo 'VARIANT_ID=container' >> /etc/os-release && \
    echo "export PATH=$GOPATH/bin:\$PATH" > /etc/profile.d/workbench.sh && \
    touch /etc/localtime && \
    # pragma: allowlist nextline secret
    sed -i -e 's/ ALL$/ NOPASSWD:ALL/' /etc/sudoers && \
    install -d -m 777 /Volumes && \
    install -d -m 777 /keybase && \
    rm /etc/ssh/ssh_host_* && \
    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/* ~/.cache/* /usr/local/share/brew/Library/Taps/*
COPY --chown=root:root bfg /usr/local/bin/
COPY --chown=root:root bash_completion.d/* /etc/bash_completion.d/
LABEL com.github.containers.toolbox="true" \
      com.github.debarshiray.toolbox="true"
ENV PATH /usr/local/lib/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV HOMEBREW_NO_AUTO_UPDATE 1
VOLUME /run/sshd
CMD ["/bin/bash"]
