FROM jenkins/inbound-agent:latest-bookworm-jdk17 AS jnlp

# USER jenkins
USER root
RUN apt-get update && \
  apt-get -y install ca-certificates curl net-tools pkg-config python3-dev python3-pip \
     python3-setuptools python3.11 python3.11-venv && \
  apt -y install gdebi && \
  curl -O https://www.princexml.com/download/prince_16.1-1_debian12_amd64.deb && \
  gdebi --n ./prince_16.1-1_debian12_amd64.deb && \
  apt-get clean && \
  rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*

ARG DOCKER_VERSION=29.1.3
ARG DOCKER_COMPOSE_VERSION=2.40.3
ARG DOCKER_BUILDX_VERSION=0.30.1
RUN curl -fsSL https://download.docker.com/linux/static/stable/$(uname -m)/docker-$DOCKER_VERSION.tgz \
   | tar --strip-components=1 -xz -C /usr/local/bin docker/docker

ADD https://download.docker.com/linux/debian/dists/bookworm/pool/stable/amd64/docker-compose-plugin_$DOCKER_COMPOSE_VERSION-1~debian.12~bookworm_amd64.deb .
RUN gdebi --n ./docker-compose-plugin_2.40.3-1~debian.12~bookworm_amd64.deb

# Enable buildx plugin
## buildx is released as amd64, and uname calls it x86_64
RUN uname -m > /tmp/arch \
    && sed -i 's/x86_64/amd64/g' /tmp/arch \
    && mkdir -p /usr/libexec/docker/cli-plugins/

RUN curl -fsSL "https://github.com/docker/buildx/releases/download/v$DOCKER_BUILDX_VERSION/buildx-v$DOCKER_BUILDX_VERSION.linux-$(cat /tmp/arch)" > /usr/libexec/docker/cli-plugins/docker-buildx
RUN chmod +x /usr/libexec/docker/cli-plugins/docker-buildx \
    && docker buildx install \
    && rm /tmp/arch

# RUN docker buildx create \
#   --name jenkinsbuilder \
#   --driver docker-container \
#   --bootstrap --use

# gid 988 matches the docker group on candace
RUN groupadd -g 988 docker && \
  usermod -aG docker jenkins

COPY ca-chain.crt /usr/local/share/ca-certificates/ca-chain.crt
RUN /usr/sbin/update-ca-certificates

USER jenkins

RUN mkdir "$HOME/.ssh/" && \
  touch $HOME/.ssh/known_hosts && \
  ssh-keyscan github.com >> ~/.ssh/known_hosts

ENTRYPOINT ["/usr/local/bin/jenkins-agent"]