FROM jenkins/inbound-agent:latest-bookworm-jdk17 AS jnlp

# USER jenkins
USER root
RUN apt-get update && \
  apt-get install -y python3.11 python3-dev python3-pip python3-setuptools python3.11-venv ca-certificates curl pkg-config

RUN curl -O https://www.princexml.com/download/prince_20240704-1_debian12_amd64.deb
RUN apt-get install -y ./prince_20240704-1_debian12_amd64.deb

ARG DOCKER_VERSION=24.0.6
ARG DOCKER_COMPOSE_VERSION=1.21.0
ARG DOCKER_BUILDX_VERSION=0.30.1
RUN curl -fsSL https://download.docker.com/linux/static/stable/`uname -m`/docker-$DOCKER_VERSION.tgz | tar --strip-components=1 -xz -C /usr/local/bin docker/docker
RUN curl -fsSL https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose

# Enable buildx plugin
## buildx is released as amd64, and uname calls it x86_64
RUN uname -m > /tmp/arch \
    && sed -i 's/x86_64/amd64/g' /tmp/arch \
    && mkdir -p /usr/libexec/docker/cli-plugins/

RUN curl -fsSL https://github.com/docker/buildx/releases/download/v$DOCKER_BUILDX_VERSION/buildx-v$DOCKER_BUILDX_VERSION.linux-`cat /tmp/arch` > /usr/libexec/docker/cli-plugins/docker-buildx
RUN chmod +x /usr/libexec/docker/cli-plugins/docker-buildx \
    && docker buildx install \
    && rm /tmp/arch

RUN docker buildx create \
  --name jenkinsbuilder \
  --driver docker-container \
  --bootstrap --use

RUN groupadd docker
RUN usermod -aG docker jenkins
# RUN python3 -m ensurepip --upgrade
# RUN pip3 install --no-cache --upgrade pytz

# USER root
# ADD ca-chain.der .

# RUN $JAVA_HOME/bin/keytool -noprompt -alias local-CA \
#   -keystore "$JAVA_HOME/jre/lib/security/cacerts" \
#   -import -file ca-chain.der \
#   -storepass changeit

# USER jenkins
# COPY --from=jnlp /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-agent
# COPY --from=jnlp /usr/share/jenkins/agent.jar /usr/share/jenkins/agent.jar

COPY ca-chain.crt /usr/local/share/ca-certificates/ca-chain.crt
RUN /usr/sbin/update-ca-certificates

USER jenkins

RUN mkdir $HOME/.ssh/
RUN touch $HOME/.ssh/known_hosts
RUN ssh-keyscan github.com >> ~/.ssh/known_hosts

ENTRYPOINT ["/usr/local/bin/jenkins-agent"]