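# Image for the CQA test app: Rocky Linux 9.3 + Python 3.11 + Athenz tools.
# The base is pulled through the internal Docker Hub mirror.
# NOTE(review): the 9.3 tag is mutable; pin it by digest (@sha256:<digest-placeholder>)
# if builds must be reproducible.
FROM docker-hub-mirror.linecorp.com/rockylinux:9.3
WORKDIR /app

# Build args supplied with --build-arg.
# NOTE(review): the ENV block below copies these values into the image
# configuration, so anyone who can pull the image can read the S3 keys and
# FLAVA_LOGSTORE_TOKEN with `docker inspect` / `docker history`. They are kept
# because the application presumably reads them at runtime (verify against
# run_cqa_test_app.py). Preferred: inject them when the container starts
# (orchestrator secret or --env-file) and use `RUN --mount=type=secret` for any
# build step that needs one, then drop these ARG/ENV pairs.
ARG DEV_S3_ACCESS_KEY
ARG DEV_S3_SECRET_KEY
ARG PROD_S3_ACCESS_KEY
ARG PROD_S3_SECRET_KEY
ARG FLAVA_LOGSTORE_TOKEN
ARG EURECA_CA

# Runtime environment, populated from the build args above.
ENV DEV_S3_ACCESS_KEY=${DEV_S3_ACCESS_KEY} \
    DEV_S3_SECRET_KEY=${DEV_S3_SECRET_KEY} \
    PROD_S3_ACCESS_KEY=${PROD_S3_ACCESS_KEY} \
    PROD_S3_SECRET_KEY=${PROD_S3_SECRET_KEY} \
    FLAVA_LOGSTORE_TOKEN=${FLAVA_LOGSTORE_TOKEN} \
    EURECA_CA=${EURECA_CA}

# Yum repository definition for the Nexus-hosted Athenz packages.
# NOTE(review): the repo file is not visible here; confirm it sets gpgcheck=1
# so athenz_tools_jp is signature-verified on install.
COPY nexus-yum-athenz.repo /etc/yum.repos.d/

# OS packages, Python 3.11 and the Athenz tools, installed and cleaned in one
# layer. epel-release goes first so its repo is available to the next install.
# athenz_tools_jp is resolved only from nexus-hosted-yum-athenz (all other
# repos are disabled for that one transaction).
RUN yum update -y && \
    yum install -y epel-release && \
    yum install -y \
        iperf3 \
        openssh-clients \
        openssl \
        python3.11 \
        python3.11-pip && \
    yum install -y --disablerepo=* --enablerepo=nexus-hosted-yum-athenz athenz_tools_jp && \
    yum clean all && \
    python3.11 -m pip install --no-cache-dir --upgrade pip

# NOTE(review): this copies the whole build context; make sure .dockerignore
# excludes .git, .env files and any local credentials.
COPY . /app/

# Root owns /app and installs the Python requirements.
# 755 replaces the former 777: root keeps full access, and group/other lose
# write access to the application code. If the image is ever run under another
# UID that must write here, chown the specific writable paths to that UID
# instead of opening the whole tree.
RUN chown -R root:root /app && \
    chmod -R 755 /app && \
    python3.11 -m pip install --no-cache-dir -r requirements.txt

# Optional: add the Eureca root CA to the system trust store.
# -f makes curl exit non-zero on an HTTP error, so an error page is never
# copied into the trust anchors; -sS hides the progress meter but keeps error
# messages. The trailing `|| true` keeps the build going when the certificate
# server is unreachable.
# NOTE(review): the downloaded root becomes trusted system-wide without a
# fingerprint check; compare it with a known value (sha256:<expected-placeholder>)
# before the cp, or ship the certificate in the build context.
RUN curl -fsS -o /tmp/eureca_root.pem https://zpki-private-cert-serve.function.funk.xtssk-01.yahoo.co.jp/eureca_root.pem \
    && cp /tmp/eureca_root.pem /etc/pki/ca-trust/source/anchors/ \
    && update-ca-trust \
    || true

# The app runs as root, as in the original file.
# NOTE(review): if nothing at runtime needs root, create a dedicated user with
# a fixed UID and switch to it here.
USER root
CMD ["python3.11", "run_cqa_test_app.py"]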