# syntax = docker/dockerfile:1.0-experimental
FROM ubuntu:18.04

# From https://github.com/jbrazda/ic-sagent-docker

MAINTAINER Eric Schoville <>

# These are build time arguments that must be set in order to build this image.
# We need the Informatica user name and IICS token in order to build this image.
# POD and REGION can be inferred from the web URL of your Informatica Cloud site.
# The values for POD and REGION probably need changing for you.

ARG USER
ARG POD=usw3
ARG REGION=dm-us

# You should be able to download the Secure Agent binary from the following URL without authentication:

ARG AGENT_URL="https://${POD}.${REGION}.informaticacloud.com/saas/download/linux64/installer/agent64_install_ng_ext.bin"
ARG WORK_DIR=/home/agent/infaagent/apps/agentcore

# Use shell parameter expansion to require arguments for build
# https://stackoverflow.com/questions/38438933/how-to-make-a-build-arg-mandatory-during-docker-build

# Use buildkit build secrets to pass in the token, so it doesn't get stored in the metadata
# https://docs.docker.com/develop/develop-images/build_enhancements/#new-docker-build-secret-information
RUN : "${USER:?Build argument needs to be set and non-empty.}" && \
# install system tools
apt-get update && apt-get install -y \
curl \
less \
locales \
locales-all \
sudo \
unzip

# Set the locale, Locale defaults are necessary for agent to operate correctly
RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
locale-gen
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8

# We need to run docker image under a different user than root
# Secure agent process engine can't be run under root account
RUN useradd --create-home -ms /bin/bash -U agent
USER agent

# 1. Download and prepare Installer
# 2. Set file permissions
# 3. Install using silent install and the default location
# 4. Cleanup
RUN curl -o /tmp/agent64_install.bin $AGENT_URL && \
chmod +x /tmp/agent64_install.bin && \
/tmp/agent64_install.bin -i silent && \
rm -rf /tmp/agent64_install.bin

WORKDIR $WORK_DIR
## Define Volumes for Shared Data Staging area
VOLUME [ "/data" ]
## Ports used by the agent that might be used for external Connections
# 7080 Process Engine Shutdown Port
# 7443 Process Engine https port
# 5432 Process Engine Postgres DB
EXPOSE 7080 7443 5432

COPY run_agent.sh .

# Start the agent, sleep for 10 (probably should refactor to use inotify tools or somesuch),
# and then try to configure the agent with the user and the token that is read from the secrets
# file.

RUN --mount='type=secret,id=agent_token,required,uid=1000' \
./infaagent startup && \
sleep 10 && \
# echo $USER && \
# cat /run/secrets/agent_token && \
# echo "$(cat /run/secrets/agent_token)"
./consoleAgentManager.sh configureToken $USER "$(cat /run/secrets/agent_token)" && \
export EXIT="$(grep -c 'Token is invalid' agentcore.log)" && \
./infaagent shutdown && \
sleep 10 && \
exit $EXIT

CMD [ "./run_agent.sh" ]