# See the License for the specific language governing permissions and
# limitations under the License.
# ==================================================================================
-FROM python:3.7
+FROM python:3.7-alpine
-ADD . /tmp
+# copy NNG and rmr out of the CI builder nng
+COPY --from=nexus3.o-ran-sc.org:10004/bldr-alpine3:3-a3.9 /usr/local/lib64/libnng.so /usr/local/lib64/libnng.so
+COPY --from=nexus3.o-ran-sc.org:10004/bldr-alpine3:3-a3.9 /usr/local/lib64/librmr_nng.so /usr/local/lib64/librmr_nng.so
-# Install RMR
-RUN apt-get update && apt-get install -y gcc git cmake
-RUN git clone https://gerrit.oran-osc.org/r/ric-plt/lib/rmr
-WORKDIR rmr
-RUN git checkout a012cf63dfdad3656c995cb06c316fd208c63b98
-RUN mkdir .build; cd .build; cmake ..; make install
-
-# Install python-rmr
-RUN pip install --upgrade pip
-
-#install a1
+COPY a1/ /tmp/a1
+COPY tests/ /tmp/tests
+COPY setup.py tox.ini /tmp/
WORKDIR /tmp
-# Run our unit tests
-RUN pip install tox
-RUN tox
+# dir that rmr routing file temp goes into
+RUN mkdir -p /opt/route/
+
+# Gevent needs gcc; TODO: this will get fixed
+RUN apk add gcc musl-dev
-# do the actual install
+# do the actual install; this writes into /usr/local, need root
RUN pip install .
-EXPOSE 10000
-# rmr setups
-RUN mkdir -p /opt/route/
-ENV LD_LIBRARY_PATH /usr/local/lib
+# Switch to a non-root user for security reasons.
+# a1 does not currently write into any dirs so no chowns are needed at this time.
+ENV A1USER a1user
+RUN addgroup -S $A1USER && adduser -S -G $A1USER $A1USER
+USER $A1USER
+
+# misc setups
+EXPOSE 10000
+ENV LD_LIBRARY_PATH /usr/local/lib/:/usr/local/lib64
ENV RMR_SEED_RT /opt/route/local.rt
CMD run.py