FROM hashicorp/packer:light as packer
FROM hashicorp/terraform:light as terraform

FROM alpine:latest AS download

ENV OVFTOOL_VERSION=4.4.1-16812187
ENV OVFTOOL_INSTALLER=VMware-ovftool-${OVFTOOL_VERSION}-lin.x86_64.bundle
ENV OVFTOOL_SHA256=ecdb3dcb58494d643d35661dcda948025661ec12ce615f043e1ec5d4c85de2ce
ARG REPO_USERNAME
ARG REPO_PASSWORD
ADD https://${REPO_USERNAME}:${REPO_PASSWORD}@sn.itch.fyi/Repository/bin/VMware/ovftool/4.4.x/${OVFTOOL_INSTALLER} /tmp/ovftool-installer

RUN openssl s_client -connect api.github.com:443 -msg
RUN apk --update add --no-cache \
      curl \
      jq && \
    curl -L https://api.github.com/repos/mikefarah/yq/releases/latest | \
      jq -r '.assets[] | select(.name | endswith("yq_linux_amd64")) | .browser_download_url' | \
      xargs -I {} curl -L -o /tmp/yq {} && \
    chmod +x /tmp/yq

FROM debian:11-slim

COPY --from=packer /bin/packer /bin/packer
COPY --from=terraform /bin/terraform /bin/terraform
COPY --from=download /tmp/ovftool-installer /tmp/ovftool-installer
COPY --from=download /tmp/yq /bin/yq

ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8

RUN apt-get update && apt-get install -y --no-install-recommends \
      apt-transport-https \
      ca-certificates \
      curl \
      gnupg && \
    curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /usr/share/keyrings/microsoft.gpg && \
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/microsoft-debian-bullseye-prod bullseye main" > /etc/apt/sources.list.d/microsoft.list && \
    apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
      # (build-essential) Dependency for installation of InSpec
      build-essential \
      git \
      jq \
      locales \
      make \
      netcat-openbsd \
      openssh-client \
      powershell-lts \
      # (python3-*) Dependency for installation of Ansible
      python3-pip \
      python3-setuptools \
      python3-wheel \
      # (qemu-utils) Dependency for Packer (conversion to raw disk format)
      qemu-utils \
      # (sshpass) Dependency for Packer (non-interactive password authentication)
      sshpass \
      # (xorriso) Dependency for Packer (generating isofs image)
      xorriso \
      yamllint && \
    sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
    locale-gen && \
    pip3 install --upgrade pip && \
    pip3 install \
      ansible-core~=2.14.0 \
      # (jmespath) Dependency for Ansible 'json_query' filter
      jmespath \
      # (netaddr) Dependency for Ansible 'ipaddr' filter
      netaddr \
      # (pyvmomi & requests) Dependency for Ansible 'vmware_guest' module
      pyvmomi \
      requests && \
    update-ca-certificates --fresh && \
    pwsh -Command "Set-PSRepository -Name 'PSGallery' -InstallationPolicy 'Trusted' -Verbose" && \
    pwsh -Command "Install-Module -Name 'powershell-yaml','VMware.PowerCLI' -Verbose" && \
    pwsh -Command "Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP \$False -Confirm:\$False" && \
    sh /tmp/ovftool-installer --console --eulas-agreed --required && \
    apt-get remove -y \
      apt-transport-https \
      build-essential \
      # ca-certificates \
      gnupg && \
    apt-get autoremove -y && \
    rm -rf /var/lib/apt/lists/* && \
    rm -f /tmp/ovftool-installer

ENTRYPOINT []
CMD []