From 4c0dacec8e729e217aa8766e79500a2810432095 Mon Sep 17 00:00:00 2001
From: Micha Okun
Date: Thu, 10 Oct 2024 13:24:28 -0700
Subject: [PATCH 01/11] feat: init Dockerfile

---
 Dockerfile | 9 +++++++++
 Makefile | 7 +++++++
 2 files changed, 16 insertions(+)
 create mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..274e50b
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,9 @@
+FROM fedora:latest
+
+WORKDIR /app
+
+COPY . ./
+
+RUN dnf install -y make
+
+RUN make deps
diff --git a/Makefile b/Makefile
index d589719..04a8e81 100644
--- a/Makefile
+++ b/Makefile
@@ -33,3 +33,10 @@ update-sdf-ansible:
 git submodule update --init --recursive

 apply: environment get-secrets update-sdf-ansible
+
+# Docker
+docker_build:
+ docker build --platform linux/amd64 --tag sdf-cli .
+
+docker_run_it: docker_build
+ docker run --tag sdf-cli -it bash
From 33ec253bd997761325c0ce77fa4a832396bed6d0 Mon Sep 17 00:00:00 2001
From: Micha Okun
Date: Thu, 10 Oct 2024 13:35:38 -0700
Subject: [PATCH 02/11] correct run recipe - working deps install

---
 Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index 04a8e81..9997ef7 100644
--- a/Makefile
+++ b/Makefile
@@ -23,8 +23,8 @@ pip:

 # OS level dependencies
 deps:
+ dnf install -y python3-devel openldap-devel
 dnf groupinstall -y "Development Tools"
- dnf install -y python36-devel openldap-devel

 # run this to configure the dev environment
 environment: venv pip
@@ -36,7 +36,7 @@ apply: environment get-secrets update-sdf-ansible

 # Docker
 docker_build:
- docker build --platform linux/amd64 --tag sdf-cli .
+ docker build --platform=linux/amd64 --tag sdf-cli .

 docker_run_it: docker_build
- docker run --tag sdf-cli -it bash
+ docker run --platform=linux/amd64 -it sdf-cli bash
From 85cc25cdb1a0884982d2194f3f4c8ded86dfa706 Mon Sep 17 00:00:00 2001
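Review bot: `COPY . ./` in the new Dockerfile (PATCH 01/11) puts the entire build context into an image layer, and nothing in this series adds a `.dockerignore`. The Makefile on this page has a `get-secrets` prerequisite and a `clean-secrets` recipe that removes `etc/.secrets`, so a working tree where secrets were fetched would presumably carry them into the image, together with `.git` and the virtualenv created in the project root. The same `COPY . ./` stays in the build stages of PATCH 03/11 and PATCH 05/11. A `.dockerignore` listing at least `etc/.secrets` and `.git` would close this; the entry names should be confirmed against the repository layout. `FROM fedora:latest` is also a floating tag, so two builds of the same commit can start from different bases.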
From: Micha Okun
Date: Thu, 10 Oct 2024 13:44:22 -0700
Subject: [PATCH 03/11] build in stages for caching

---
 Dockerfile | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 274e50b..4f15650 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,14 @@
-FROM fedora:latest
+# deps
+FROM fedora:latest AS deps

 WORKDIR /app
-
-COPY . ./
+COPY Makefile .

 RUN dnf install -y make
-
 RUN make deps
+
+# build
+FROM deps AS build
+COPY . ./
+
+RUN make apply
From dd748058bb3caaa8d7275639afe97369fd73ac20 Mon Sep 17 00:00:00 2001
From: Micha Okun
Date: Thu, 10 Oct 2024 15:03:09 -0700
Subject: [PATCH 04/11] force python3.11 venv as aiohttp won't build yet on 3.12

---
 Makefile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 9997ef7..661f85c 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,7 @@ clean-secrets:
 rm -rf etc/.secrets

 virtualenv:
- python3 -m venv .
+ python3.11 -m venv .

 venv: virtualenv

@@ -23,7 +23,8 @@ pip:

 # OS level dependencies
 deps:
- dnf install -y python3-devel openldap-devel
+# note aiohttp won't build yet on python3.12
+ dnf install -y python3.11-devel openldap-devel
 dnf groupinstall -y "Development Tools"

 # run this to configure the dev environment
@@ -38,5 +39,8 @@ apply: environment get-secrets update-sdf-ansible
 docker_build:
 docker build --platform=linux/amd64 --tag sdf-cli .

+docker_build_no_cache:
+ docker build --no-cache --platform=linux/amd64 --tag sdf-cli .
+
 docker_run_it: docker_build
 docker run --platform=linux/amd64 -it sdf-cli bash
From cf75d52c73a1f9868ec31eafd46496cb57d96310 Mon Sep 17 00:00:00 2001
From: Micha Okun
Date: Thu, 10 Oct 2024 15:09:04 -0700
Subject: [PATCH 05/11] add vault pkgs; working through build_1 stage (make environment)

---
 Dockerfile | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4f15650..a28895a 100644
--- a/Dockerfile
+++ b/Dockerfile
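Review bot: `RUN make apply` in the new `build` stage (PATCH 03/11) pulls secrets at image build time, because the Makefile's `apply` target lists `get-secrets` and `update-sdf-ansible` as prerequisites. Anything those recipes write under `/app` would be stored in that layer and travel with the image to anyone who can pull it; their bodies are not on this page, so this is inferred from the target names and the `etc/.secrets` path in `clean-secrets`. PATCH 05/11 later replaces the line with `RUN make environment`; if secrets are ever needed during a build again, a BuildKit secret mount (`RUN --mount=type=secret,id=<id> ...`) keeps them out of layers and history.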
@@ -7,8 +7,18 @@ COPY Makefile .
 RUN dnf install -y make
 RUN make deps

-# build
-FROM deps AS build
+# install vault
+# consider adding these to Makefile deps recipe unless we need to omit in certain envs
+RUN dnf install -y dnf-plugins-core
+RUN dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
+RUN dnf -y install vault
+
+# build env
+FROM deps AS build_1
 COPY . ./
+RUN make environment

-RUN make apply
+# build sdf protected assets
+#FROM build_1 AS build_2
+#RUN make update-sdf-ansible
+#RUN make get-secrets
From bb8b12569258dacded27c37d4680c96c6594310c Mon Sep 17 00:00:00 2001
From: Micha Okun
Date: Thu, 10 Oct 2024 15:25:28 -0700
Subject: [PATCH 06/11] cache env stage prior to protected asset build

---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index a28895a..6a25742 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,6 +19,7 @@ COPY . ./
 RUN make environment

 # build sdf protected assets
-#FROM build_1 AS build_2
+FROM build_1 AS build_2
+RUN echo "building protected assets"
 #RUN make update-sdf-ansible
 #RUN make get-secrets
From 3ae590fb8e8371bd56a07091d6242dbeeebd64d9 Mon Sep 17 00:00:00 2001
From: Micha Okun
Date: Thu, 10 Oct 2024 15:37:53 -0700
Subject: [PATCH 07/11] resolve "operation not permitted" vault bin issue

---
 Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 6a25742..f6970c2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,6 +13,9 @@ RUN dnf install -y dnf-plugins-core
 RUN dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
 RUN dnf -y install vault

+# resolve "operation not permitted" vault error https://github.com/hashicorp/vault/issues/10924
+RUN setcap -r /usr/bin/vault
+
 # build env
 FROM deps AS build_1
 COPY . ./
From bf99b0c2e964b0fbae3a016baf3dbb6394437689 Mon Sep 17 00:00:00 2001
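Review bot: The vault install added to the `deps` stage (PATCH 05/11) takes whatever version the HashiCorp repo serves on build day, and because `build_1` is `FROM deps` the binary lands in every later stage. Pinning the package (`dnf -y install vault-<version>`) makes rebuilds reproducible, and it is worth confirming that the downloaded `hashicorp.repo` file enables `gpgcheck` so the RPM signature is verified. The three `RUN` lines could be one `RUN` ending in `&& dnf clean all`, which also keeps the repo metadata out of the layer.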
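Review bot: The comment above `RUN setcap -r /usr/bin/vault` (PATCH 07/11) links the upstream issue but does not say what the command gives up. `setcap -r` strips all file capabilities from the binary, presumably the memory-locking capability the package sets, which is fine for using `vault` as a client but should not be carried over to an image that runs a Vault server. Suggested comment: `# strips file capabilities from the vault binary so it can exec in an unprivileged container; client use only`.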
From: Micha Okun
Date: Fri, 11 Oct 2024 11:17:59 -0700
Subject: [PATCH 08/11] pin urllib3==1.26.15 (requests not compat with urllib3 2.0.9); omit protected assets from docker image

---
 Dockerfile | 26 +++++++++++++++-----------
 requirements.txt | 2 ++
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f6970c2..f0330f0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,22 +7,26 @@ COPY Makefile .
 RUN dnf install -y make
 RUN make deps

-# install vault
-# consider adding these to Makefile deps recipe unless we need to omit in certain envs
-RUN dnf install -y dnf-plugins-core
-RUN dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
-RUN dnf -y install vault
-
-# resolve "operation not permitted" vault error https://github.com/hashicorp/vault/issues/10924
-RUN setcap -r /usr/bin/vault

 # build env
 FROM deps AS build_1
 COPY . ./
 RUN make environment

-# build sdf protected assets
-FROM build_1 AS build_2
-RUN echo "building protected assets"
+
+# DO NOT BAKE SECRETS AND PROTECTED ASSETS INTO PROD IMAGE
+# THIS IS ONLY FOR REFERENCE
+
+## build sdf protected assets
+#FROM build_1 AS build_2
+#RUN echo "building protected assets"
+#
+## install vault
+#RUN dnf install -y dnf-plugins-core
+#RUN dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
+#RUN dnf -y install vault
+# resolve "operation not permitted" vault error https://github.com/hashicorp/vault/issues/10924
+#RUN setcap -r /usr/bin/vault
+#
 #RUN make update-sdf-ansible
 #RUN make get-secrets
diff --git a/requirements.txt b/requirements.txt
index 3ce5dd3..f7471e3 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,5 @@
+# requests pkg does not support urllib3 v2.0.0
+urllib3==1.26.15
 cliff==3.10.1
 #yarl
 #multidict
From 2bd798e10876aa20e0e8fbb379f1b3633e4b1e69 Mon Sep 17 00:00:00 2001
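Review bot: `urllib3==1.26.15` in requirements.txt (PATCH 08/11) freezes one patch release, so later 1.26.x fixes, including any security fixes, are never picked up by a rebuild. The stated constraint is only that requests cannot use urllib3 2.x, which `urllib3>=1.26.15,<2` expresses while still allowing patch updates; if exact pins are the project's policy, the pin should be reviewed on a schedule instead. The comment says `v2.0.0` while the commit subject says `2.0.9`; one of them should be corrected.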
From: Micha Okun
Date: Fri, 11 Oct 2024 15:11:14 -0700
Subject: [PATCH 09/11] use slaclab/sdf-cli tag and make a docker_push recipe

---
 Makefile | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index 661f85c..cc541f1 100644
--- a/Makefile
+++ b/Makefile
@@ -37,10 +37,13 @@ apply: environment get-secrets update-sdf-ansible

 # Docker
 docker_build:
- docker build --platform=linux/amd64 --tag sdf-cli .
+ docker build --platform=linux/amd64 --tag slaclab/sdf-cli .

 docker_build_no_cache:
- docker build --no-cache --platform=linux/amd64 --tag sdf-cli .
+ docker build --no-cache --platform=linux/amd64 --tag slaclab/sdf-cli .

 docker_run_it: docker_build
- docker run --platform=linux/amd64 -it sdf-cli bash
+ docker run --platform=linux/amd64 -it slaclab/sdf-cli bash
+
+docker_push: docker_build
+ docker push slaclab/sdf-cli
From 1967561ee649c416464aff5ee5d01e908b9ea75f Mon Sep 17 00:00:00 2001
From: "Micha R. Okun"
Date: Mon, 13 Jan 2025 17:12:51 -0800
Subject: [PATCH 10/11] Dockerfile changes to test

---
 Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f0330f0..9c5ba26 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,11 @@
 # deps
-FROM fedora:latest AS deps
+FROM rockylinux:9.2 AS deps

 WORKDIR /app
 COPY Makefile .

-RUN dnf install -y make
+RUN dnf install -y epel-release
+RUN dnf install -y make ansible
 RUN make deps


From ee412993dade74743e0fd58101cc37f25020904c Mon Sep 17 00:00:00 2001
From: Micha Okun
Date: Wed, 19 Feb 2025 15:00:34 -0800
Subject: [PATCH 11/11] rm unneeded comments

---
 Dockerfile | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 9c5ba26..5c3fc7e 100644
--- a/Dockerfile
+++ b/Dockerfile
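Review bot: `docker push slaclab/sdf-cli` in the new `docker_push` recipe (PATCH 09/11) publishes under the implicit `latest` tag, so every push overwrites the previous image and consumers cannot pin or roll back to a known build. Because `docker_push` depends on `docker_build`, the pushed image is also whatever the local working tree produced at that moment, uncommitted files included. Tagging with the commit id would tie each image to its source, for example `IMAGE_TAG ?= $(shell git rev-parse --short HEAD)` and `--tag slaclab/sdf-cli:$(IMAGE_TAG)` in the build and push recipes.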
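Review bot: `FROM rockylinux:9.2` (PATCH 10/11) fixes the point release but not the image content, since a tag can be re-pushed, and the two `dnf install` lines below it take unversioned `epel-release`, `make` and `ansible`. Pinning the base by digest, `FROM rockylinux:9.2@sha256:<digest> AS deps`, makes the starting point reproducible; it is also worth checking whether 9.2 still receives updates before building on it. Outside this hunk, the Dockerfile as it stands after this series has no `USER` instruction, so the container runs as root unless the caller overrides it.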
@@ -13,21 +13,3 @@ RUN make deps
 FROM deps AS build_1
 COPY . ./
 RUN make environment
-
-
-# DO NOT BAKE SECRETS AND PROTECTED ASSETS INTO PROD IMAGE
-# THIS IS ONLY FOR REFERENCE
-
-## build sdf protected assets
-#FROM build_1 AS build_2
-#RUN echo "building protected assets"
-#
-## install vault
-#RUN dnf install -y dnf-plugins-core
-#RUN dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
-#RUN dnf -y install vault
-# resolve "operation not permitted" vault error https://github.com/hashicorp/vault/issues/10924
-#RUN setcap -r /usr/bin/vault
-#
-#RUN make update-sdf-ansible
-#RUN make get-secrets