From ca5822139b66283d47082b553d0bcdf4e8091a74 Mon Sep 17 00:00:00 2001 From: Sebastian Florek Date: Fri, 26 Apr 2024 16:12:35 +0200 Subject: [PATCH] add dockerfile to build harness image --- Makefile | 15 ++++++++++++ hack/harness.Dockerfile | 54 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 hack/harness.Dockerfile diff --git a/Makefile b/Makefile index aecc9069..33c1cb80 100644 --- a/Makefile +++ b/Makefile @@ -78,6 +78,21 @@ docker-build: ## build image docker-push: ## push image docker push ${IMG} +.PHONY: docker-build-harness +docker-build-harness: ## build docker harness image + docker build \ + -t harness \ + -f hack/harness.Dockerfile \ + . + +.PHONY: docker-run-harness +docker-run-harness: docker-build-harness ## build and run docker harness image + docker run \ + harness:latest \ + --console-url=${PLURAL_CONSOLE_URL}/ext/gql \ + --console-token=${PLURAL_DEPLOY_TOKEN} \ + --stack-run-id=${PLURAL_STACK_RUN_ID} + velero-crds: @curl -L $(VELERO_CHART_URL) --output velero.tgz @tar zxvf velero.tgz velero/crds diff --git a/hack/harness.Dockerfile b/hack/harness.Dockerfile new file mode 100644 index 00000000..6650b961 --- /dev/null +++ b/hack/harness.Dockerfile 
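Review bot: In the `docker-run-harness` recipe of the Makefile hunk, `--console-token=${PLURAL_DEPLOY_TOKEN}` puts the deploy token on the command line, and because the `docker run \` recipe line has no `@` prefix, make echoes the fully expanded command, so the token ends up in terminal and CI logs as well as in the container's argument list. If the harness can read the token from its environment (not visible in this patch), passing it with `-e PLURAL_DEPLOY_TOKEN` and dropping the flag keeps the value out of the echoed command and the argument list. Otherwise, writing the recipe as `@docker run \` at least stops make from printing it. The recipe also runs `harness:latest` while the build target tags plain `harness`; these resolve to the same image, but spelling the tag the same way in both places would make that obvious.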
@@ -0,0 +1,54 @@
+FROM alpine:3.19 as environment
+
+RUN mkdir /plural
+RUN mkdir /tmp/plural
+
+FROM golang:1.22-alpine3.19 as builder
+
+ARG TARGETARCH
+ARG TARGETOS
+ARG VERSION
+
+WORKDIR /workspace
+
+# Retrieve application dependencies.
+# This allows the container build to reuse cached dependencies.
+# Expecting to copy go.mod and if present go.sum.
+COPY go.* ./
+RUN go mod download
+
+COPY cmd/harness ./cmd/harness
+COPY pkg ./pkg
+COPY internal ./internal
+COPY api ./api
+
+RUN CGO_ENABLED=0 \
+ GOOS=${TARGETOS} \
+ GOARCH=${TARGETARCH} \
+ go build \
+ -trimpath \
+ -ldflags="-s -w" \
+ -o /plural/harness \
+ cmd/harness/main.go
+
+FROM hashicorp/terraform:1.8.2 as terraform
+
+FROM busybox:1.35.0-uclibc as busybox
+
+FROM gcr.io/distroless/base-debian12 as final
+
+# Switch to the nonroot user
+USER nonroot:nonroot
+
+# Set up the environment
+# 1. copy plural and tmp directories with proper permissions for the nonroot user
+# 2. copy the static shell into base image <- TODO: shell should not be required for prod image
+# 3. copy the harness binary
+# 4. copy terraform binary
+COPY --chown=nonroot --from=environment /plural /plural
+COPY --chown=nonroot --from=environment /tmp/plural /tmp
+COPY --chown=nonroot --from=busybox /bin/sh /bin/sh
+COPY --from=builder /plural/harness /harness
+COPY --from=terraform /bin/terraform /bin/terraform
+
+ENTRYPOINT ["/harness", "--working-dir=plural"]
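Review bot: The final stage starts from `gcr.io/distroless/base-debian12` with no tag or digest, so the runtime base floats with whatever `latest` points to at build time, and the `terraform` and `busybox` stages that supply binaries to it are pinned only by mutable tags. Pinning by digest, e.g. `FROM gcr.io/distroless/base-debian12@sha256:<digest of the reviewed image> AS final` (placeholder; take the value from the registry), makes the image reproducible and auditable, and the same applies to the two donor stages. Separately, `COPY --chown=nonroot --from=busybox /bin/sh /bin/sh` hands ownership of the shell to the runtime user, which presumably leaves it writable by the harness process; `COPY --from=busybox /bin/sh /bin/sh` keeps it root-owned like the harness and terraform binaries. The relative `--working-dir=plural` in the ENTRYPOINT appears to rely on the base image's working directory being `/`, so an explicit `WORKDIR /` in the final stage would make that dependency visible.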