# (from) July 7 2022
# This repo will be actively worked on from now.
# This file will be a ToDo/bits'n'bobs list of things to take care of

ckan/ckan-docker-base: For the base images Dockerfiles (prod and dev) and related scripts
ckan/ckan-docker: For the project-oriented image template (prod and dev). Patching only done in Dev ### This repo!

All the other images should live in separate repos

1. Solr -           use ckan-solr   (https://github.com/ckan/ckan-solr)
2. PostgreSQL -     use current method (base image: postgres:12-alpine from DockerHub, enhanced in a Dockerfile) 
                    ### This may change to be more like Solr though
3. Redis -          use current method (DockerHub image: redis:${REDIS_VERSION} specified as a compose service in the compose file) 
                    latest image to used is redis:6
4. nginx -          use a late(ish) nginx image from DockerHub, enhanced in a Dockerfile)
5. DataPusher -     built from the actual datapusher repo (https://github.com/ckan/datapusher)
6. CKAN -           built from the ckan/ckan-base:2.9.5 base image (which is built from the ckan/ckan-docker-base repo). Include a .dev option
7. CKAN Worker -    add new (ckan worker) container in the compose setup...maybe have it commented out initially

Versions 2.9 and 2.10 (when it's out) only. Plan the repo layout for having multiple versions - OKFN could used as an example

NB:  Had to update the prerun.py script as it was failing on check_solr_connection


### ToDo (remaining things to think about and/or 'to fix') ###

1.  DataPusher - needed to use a custom requirements.txt as the official didn't work (see https://github.com/ckan/datapusher/pull/251)
2.  Use Multi-Stage images defined in Dockerfile - get the CKAN images down to bare-bones...for security reasons really
    General Dockerfile flow of stages:
    - base: all prod dependencies, no code yet
    - dev, from base: all dev dependencies, no code yet (in dev, source code is bind-mounted anyway)
    - source, from base: add code
    - test/audit, from source: then COPY --from=dev for dev dependencies, then run tests. Optionally, audit and lint code (if you don't do it on git push already).
    - prod, from source: no change from source stage, but listed last so in case a stage isn't targeted, the builder will default to this stage 
    Also check out https://github.com/ckan/ckan/pull/4635 for Francesco's test stuff
3.  CKAN Worker (maybe)
4.  Implement SSL for the nginx container or include a howto in the docs


### Container Canary notes

A list of what tests to run on the Docker containers to verify they have been built correctly

- Check the user name and the uid/gid
- Check the ports the container is listening on
- Check an httpget on the URL
- any command can be executed in the running container and can be configured t run every x minutes
- check processes running as non root 
-