FROM quay.io/argoproj/argocd:v2.14.9

# renovate: datasource=github-releases depName=sops packageName=getsops/sops
ARG SOPS_VERSION=v3.10.1
# renovate: datasource=github-releases depName=vals packageName=helmfile/vals
ARG VALS_VERSION=v0.40.1
# renovate: datasource=github-releases depName=helm-secrets packageName=jkroepke/helm-secrets
ARG HELM_SECRETS_VERSION=v4.6.3

ARG ARGOCD_USER_ID="999"

# set Vals
ENV HELM_SECRETS_BACKEND="vals" \
    HELM_SECRETS_HELM_PATH=/usr/local/bin/helm \
    HELM_PLUGINS="/home/argocd/.local/share/helm/plugins/" \
    HELM_SECRETS_VALUES_ALLOW_SYMLINKS=false \
    HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH=true \
    HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL=false \
    HELM_SECRETS_WRAPPER_ENABLED=true \
    KUBECONFIG=/tmp/kubectl.config

# Optionally, set default gpg key for sops files
# ENV HELM_SECRETS_LOAD_GPG_KEYS=/path/to/gpg.key

USER root
RUN apt-get update && \
    apt-get install -y \
      curl && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# sops (use via vals!)
RUN curl -fsSL https://github.com/getsops/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.amd64 \
    -o /usr/local/bin/sops && chmod +x /usr/local/bin/sops

# vals backend installation
RUN curl -fsSL https://github.com/helmfile/vals/releases/download/${VALS_VERSION}/vals_${VALS_VERSION#v}_linux_amd64.tar.gz \
    | tar xzf - -C /usr/local/bin/ vals \
    && chmod +x /usr/local/bin/vals

# helm-secrets
RUN mkdir -p /home/argocd/.local/share/helm/plugins && \
    curl -fsSL https://github.com/jkroepke/helm-secrets/releases/download/${HELM_SECRETS_VERSION}/helm-secrets.tar.gz \
    | tar -C /home/argocd/.local/share/helm/plugins -xzf- && \
    chown -R root: /home/argocd/.local/share/helm && \
    ln -sf /home/argocd/.local/share/helm/plugins/helm-secrets/scripts/wrapper/helm.sh /usr/local/sbin/helm && \
    sed -i -e 's/secrets/secrets --evaluate-templates/' /home/argocd/.local/share/helm/plugins/helm-secrets/scripts/wrapper/helm.sh && \
    rm -f /usr/local/bin/argocd-repo-server



# replace argocd-repo-server with wrapper to install kubectl config
ADD argocd-repo-server-wrapper.sh /usr/local/bin/argocd-repo-server

# register vals "cmp plugin"
ADD plugin.yaml /home/argocd/cmp-server/config/plugin.yaml

USER ${ARGOCD_USER_ID}