# syntax=docker/dockerfile:1
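# Base image: Ubuntu 22.04 from CIO.
# The default keeps the original mutable ":latest" tag, so two builds of the same commit can start
# from different base contents. For reproducible, auditable builds override it with a digest-pinned
# reference, e.g.
#   --build-arg BASE_IMAGE=acncio.azurecr.io/ubuntu22.04cio-base@sha256:<digest-of-the-vetted-base>
ARG BASE_IMAGE=acncio.azurecr.io/ubuntu22.04cio-base:latest
FROM ${BASE_IMAGE} AS GaiaAPI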
# ---- Build-time options ------------------------------------------------------------------------
# Extras selector appended to the editable install of this project further down.
# Accepted values: [ldap], [genai], [all], or empty for the base install.
ARG INSTALL_DEPENDENCIES=""
# Location of the PYQPL wheel that the pip step installs.
ARG PYQPL_LOCATION=lib/pyqpl-1.1.4-py3-none-any.whl

# ---- Runtime settings --------------------------------------------------------------------------
# Every ARG/ENV pair below works the same way: the ARG default (or a --build-arg override) is
# copied into ENV and becomes the container's default, which can still be replaced at run time.

# Environment profile; the default is 'system_default'.
ARG GAIA_ENV=system_default
ENV GAIA_ENV=${GAIA_ENV}

# Path/URL of a custom configuration JSON file (empty = none).
ARG CONFIG_URL=''
ENV CONFIG_URL=${CONFIG_URL}

# Number of Uvicorn workers; 1 is the usual choice inside a container.
ARG UVICORN_WORKERS=1
ENV UVICORN_WORKERS=${UVICORN_WORKERS}

# Protocol the API is served over. The 'http' default is plaintext.
# NOTE(review): confirm TLS is terminated somewhere in front of the container when deployed.
ARG PROTOCOL=http
ENV PROTOCOL=${PROTOCOL}

# HOST, PORT, DOMAIN_NAME, COOKIE_DOMAIN_NAME and ENGINE_URL are needed as long as the default
# entrypoint is kept.
# Listen address of the GAIA API.
ARG HOST=0.0.0.0
ENV HOST=${HOST}

# Listen port of the GAIA API.
ARG PORT=8085
ENV PORT=${PORT}

# Domain name of the GAIA API.
ARG DOMAIN_NAME=host.docker.internal
ENV DOMAIN_NAME=${DOMAIN_NAME}

# Cookie domain name of the GAIA API.
ARG COOKIE_DOMAIN_NAME=''
ENV COOKIE_DOMAIN_NAME=${COOKIE_DOMAIN_NAME}

# Engine URL used by the GAIA API. The default is a plaintext http endpoint on the Docker host.
ARG ENGINE_URL=http://host.docker.internal:9200
ENV ENGINE_URL=${ENGINE_URL}

# Path to certificates; only needed when the mailer is enabled with a custom SMTP server.
ARG CERTIFICATES_PATH=''
ENV CERTIFICATES_PATH=${CERTIFICATES_PATH}
# ---- AWS Elasticsearch (only when the AWS service is used) ---------------------------------------
ARG AWS_SERVICE=es
ENV AWS_SERVICE=${AWS_SERVICE}
ARG AWS_REGION=us-east-1
ENV AWS_REGION=${AWS_REGION}

# Access key, secret key and session token; needed only for key/token based access.
# SECURITY: anything passed for these three via --build-arg is copied into ENV and therefore stored
# in the image configuration, where `docker inspect` and `docker history` show it to everyone who
# can pull the image. Supply real credentials at run time (orchestrator secret, `docker run -e`,
# or a workload role) and never at build time.
# NOTE(review): the placeholder defaults are non-empty, so these variables are always set in the
# container. Confirm the application treats the placeholders as "not configured" rather than as
# credentials to use.
ARG AWS_ACCESS_KEY_ID=default-key
ENV AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
ARG AWS_SECRET_ACCESS_KEY=default-secret
ENV AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
ARG AWS_SESSION_TOKEN=default-token
ENV AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}

# Whether search accepts empty queries.
ARG ALLOW_EMPTY_QUERY=false
ENV ALLOW_EMPTY_QUERY=${ALLOW_EMPTY_QUERY}
# ---- Authentication ------------------------------------------------------------------------------
# JWKS (JSON Web Key Set) URL: where the public keys used to verify JSON Web Tokens are fetched.
ARG DELEGATE_JWKS_URL=''
ENV DELEGATE_JWKS_URL=${DELEGATE_JWKS_URL}

# LDAP server URL (network address and protocol used to reach the LDAP server).
ARG LDAP_URL=''
ENV LDAP_URL=${LDAP_URL}

# Password/credentials for the bind DN, used to authenticate the connection to the LDAP server.
# SECURITY: a value given with --build-arg ends up in ENV and is stored in the image configuration
# (`docker inspect`, `docker history`). Leave it empty at build time and inject it at run time.
ARG LDAP_CREDENTIALS=''
ENV LDAP_CREDENTIALS=${LDAP_CREDENTIALS}

# Bind DN of the account used to connect to LDAP and look up users.
ARG LDAP_BIND_DN=''
ENV LDAP_BIND_DN=${LDAP_BIND_DN}

# Search base: where in the LDAP tree users are looked up.
ARG LDAP_SEARCH_BASE=''
ENV LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}

# Client identifier assigned to this application by the IdP; sent with authentication and
# authorization requests.
ARG OIDC_CLIENT_ID=''
ENV OIDC_CLIENT_ID=${OIDC_CLIENT_ID}

# URI of the provider's OpenID Connect Well-Known Configuration Endpoint.
ARG OIDC_OPENID_CONFIG_URI=''
ENV OIDC_OPENID_CONFIG_URI=${OIDC_OPENID_CONFIG_URI}

# Secret used to sign and decrypt the JWT. Does not apply with Delegated authentication.
# SECURITY: the default below is a fixed value committed with this file and baked into every image
# built from it. Any deployment that does not override AUTH_SECRET signs its tokens with a key that
# everyone with access to the repository or the image knows. Treat this value as compromised,
# generate a unique secret per environment, inject it at run time, and have startup fail when it
# is missing or still equal to this default.
ARG AUTH_SECRET=52ecfd60e01b800355a8ce59780f9243b4662c3a236394ee
ENV AUTH_SECRET=${AUTH_SECRET}
# ---- AI Assistant --------------------------------------------------------------------------------
# NOTE(review): presumably the index the assistant works against; the previous comment on this
# setting was a copy of the OIDC configuration URI description. Confirm and document.
ARG ASSISTANT_INDEX=''
ENV ASSISTANT_INDEX=${ASSISTANT_INDEX}

# OpenAI key used for chat with your service provider.
# SECURITY: a key given with --build-arg is copied into ENV and stored in the image configuration
# (`docker inspect`, `docker history`). Leave it empty at build time and inject it at run time.
ARG OPENAI_API_KEY=''
ENV OPENAI_API_KEY=${OPENAI_API_KEY}

# Base URL of the service provider's OpenAI chat endpoint.
ARG OPENAI_ENDPOINT=''
ENV OPENAI_ENDPOINT=${OPENAI_ENDPOINT}

# API version of the OpenAI chat service.
ARG OPENAI_API_VERSION=''
ENV OPENAI_API_VERSION=${OPENAI_API_VERSION}

# Name of the model to use.
ARG OPENAI_MODEL=''
ENV OPENAI_MODEL=${OPENAI_MODEL}

# List of functions that trigger an exit from the loop pipeline.
ARG ASSISTANT_EXIT_FUNCTIONS=''
ENV ASSISTANT_EXIT_FUNCTIONS=${ASSISTANT_EXIT_FUNCTIONS}
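# Package installation and the Python build need root; the unprivileged user is restored before
# the entrypoint is declared.
USER root:root

# Expected SHA-256 of the CPython source tarball fetched below. Empty by default so existing builds
# keep working; set it to the digest published for this release
# (--build-arg PYTHON_TGZ_SHA256=<published-sha256>) so that a corrupted or tampered download
# fails the build instead of being compiled and installed as root.
ARG PYTHON_TGZ_SHA256=""

# Install OS dependencies, then build and install Python 3.11.9 from source.
# Every continued line is indented so that the joined command keeps its arguments separated.
# NOTE(review): build-essential, vim and iputils-ping remain in the final image; a multi-stage
# build would keep the compiler toolchain and debugging tools out of the runtime image.
RUN apt-get update && apt-get install -y \
        build-essential \
        curl \
        iputils-ping \
        libbz2-dev \
        libffi-dev \
        libgdbm-dev \
        libncurses5-dev \
        libnss3-dev \
        libreadline-dev \
        libsqlite3-dev \
        libssl-dev \
        libxml2-dev \
        libxmlsec1 \
        libxmlsec1-dev \
        libxmlsec1-openssl \
        pkg-config \
        software-properties-common \
        vim \
        wget \
        xmlsec1 \
        zlib1g-dev \
    # Drop the package index in the same layer that created it.
    && rm -rf /var/lib/apt/lists/* \
    # Fetch the Python 3.11.9 sources and verify them when a digest was supplied.
    && wget https://www.python.org/ftp/python/3.11.9/Python-3.11.9.tgz \
    && if [ -n "$PYTHON_TGZ_SHA256" ]; then \
           echo "$PYTHON_TGZ_SHA256  Python-3.11.9.tgz" | sha256sum -c -; \
       else \
           echo "WARNING: PYTHON_TGZ_SHA256 is not set; Python-3.11.9.tgz was not verified" >&2; \
       fi \
    && tar xf Python-3.11.9.tgz \
    && cd Python-3.11.9 \
    && ./configure --enable-optimizations \
    # altinstall leaves any distribution-provided python3 untouched.
    && make altinstall \
    && ln -s -f /usr/local/bin/python3.11 /usr/local/bin/python \
    && ln -s -f /usr/local/bin/pip3.11 /usr/local/bin/pip \
    && cd .. \
    # Remove the tarball and build tree in this layer so they do not persist in the image.
    && rm Python-3.11.9.tgz \
    && rm -rf Python-3.11.9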
# Application root. WORKDIR creates the directory if it is missing; USER root is still in effect
# at this point.
WORKDIR /gaia_api
# Hand the directory itself to the unprivileged account.
# NOTE(review): appuser/appgroup are not created in this file; presumably the base image
# provides them. Confirm.
RUN chown appuser:appgroup /gaia_api
# Copy the GaiaAPI sources, owned by the unprivileged account.
# The whole build context is copied, so everything not excluded by .dockerignore (not visible
# here) lands in the image: check that .git, local .env files, keys and certificates are excluded.
COPY --chown=appuser:appgroup . /gaia_api/
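# Install the application's Python dependencies (still running as root).
# - pip is upgraded by calling it directly. The previous `/bin/sh -c pip install --upgrade pip`
#   handed only the word `pip` to the inner shell as its command, so no upgrade took place.
# - The lxml requirement is quoted. Unquoted, `>=4.9.0` is a shell redirection: the version
#   constraint was dropped and pip's output was written to a file named `=4.9.0`.
# - Build arguments are quoted so their values reach pip as a single argument.
# NOTE(review): pip, lxml and xmlsec are not pinned to exact versions, so the resolved set can
# change between builds; a constraints file with hashes would make the install reproducible.
RUN pip install --no-cache-dir --upgrade pip \
    && pip install --no-cache-dir "lxml>=4.9.0" \
    && pip install --no-cache-dir xmlsec \
    # Editable install of this project with the selected extras ([ldap], [genai], [all] or none).
    && pip install --no-cache-dir -e ".$INSTALL_DEPENDENCIES" \
    # PYQPL from the local lib folder, check the VERSION before installing!
    && pip install --no-cache-dir "$PYQPL_LOCATION"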
# Document the GaiaAPI listening port. EXPOSE is image metadata resolved at build time from PORT;
# it publishes nothing by itself and does not follow a PORT value overridden at run time.
EXPOSE ${PORT}
# Drop root: the container process runs as the unprivileged account.
USER appuser:appgroup
# Default startup script, which runs Uvicorn with the configuration set above.
# NOTE(review): startup.sh is not visible here; it should `exec` the server so the server process
# receives the stop signal sent to the container.
ENTRYPOINT ["/bin/bash", "/gaia_api/startup.sh"]