# ==================================================================================
-# Copyright (c) 2019 Nokia
-# Copyright (c) 2018-2019 AT&T Intellectual Property.
+# Copyright (c) 2019-2020 Nokia
+# Copyright (c) 2018-2020 AT&T Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
# ==================================================================================
-FROM python:3.7
-ADD . /tmp
+# This container uses a 2 stage build!
+# Tips and tricks were learned from: https://pythonspeed.com/articles/multi-stage-docker-python/
+FROM python:3.8-alpine AS compile-image
+# Gevent needs gcc, make, file, ffi
+RUN apk update && apk add gcc musl-dev make file libffi-dev
-# Install RMR
-RUN apt-get update && apt-get install -y gcc git cmake
-RUN git clone https://gerrit.oran-osc.org/r/ric-plt/lib/rmr
-WORKDIR rmr
-RUN git checkout a012cf63dfdad3656c995cb06c316fd208c63b98
-RUN mkdir .build; cd .build; cmake ..; make install
+# Switch to a non-root user for security reasons
+# This is only really needed in stage 2 however this makes the copying easier and straitforward! --user doesn't do the same thing if run as root!
+RUN addgroup -S a1user && adduser -S -G a1user a1user
+USER a1user
-# Install python-rmr
-RUN pip install --upgrade pip
+# Speed hack; we install gevent FIRST because when building repeatedly (eg during dev) and only changing a1 code, we do not need to keep compiling gevent which takes forever
+RUN pip install --upgrade pip && pip install --user gevent
+COPY setup.py /home/a1user/
+COPY a1/ /home/a1user/a1
+RUN pip install --user /home/a1user
-#install a1
-WORKDIR /tmp
-RUN pip install .
-EXPOSE 10000
-
-# rmr setups
+###########
+# 2nd stage
+FROM python:3.8-alpine
+# dir that rmr routing file temp goes into
RUN mkdir -p /opt/route/
-ENV LD_LIBRARY_PATH /usr/local/lib
+# python copy; this basically makes the 2 stage python build work
+COPY --from=compile-image /home/a1user/.local /home/a1user/.local
+# copy rmr .so from builder image in lieu of an Alpine package
+COPY --from=nexus3.o-ran-sc.org:10002/o-ran-sc/bldr-alpine3-rmr:3.8.0 /usr/local/lib64/librmr_si.so /usr/local/lib64/librmr_si.so
+# Switch to a non-root user for security reasons. a1 does not currently write into any dirs so no chowns are needed at this time.
+RUN addgroup -S a1user && adduser -S -G a1user a1user
+USER a1user
+# misc setups
+EXPOSE 10000
+ENV LD_LIBRARY_PATH /usr/local/lib/:/usr/local/lib64
ENV RMR_SEED_RT /opt/route/local.rt
+ENV PYTHONUNBUFFERED 1
+# This step is critical
+ENV PATH=/home/a1user/.local/bin:$PATH
+# Run!
CMD run.py