From fd5c837c9606d9f12be9ca51cef03821b84afae0 Mon Sep 17 00:00:00 2001
From: medusa
Date: Mon, 30 Jun 2025 09:06:42 +0000
Subject: [PATCH] Update tech_docs/automation/ansible-build.txt
---
tech_docs/automation/ansible-build.txt | 87 +++++++++++++-------------
1 file changed, 42 insertions(+), 45 deletions(-)
diff --git a/tech_docs/automation/ansible-build.txt b/tech_docs/automation/ansible-build.txt
index 573135a..fa51aa1 100644
--- a/tech_docs/automation/ansible-build.txt
+++ b/tech_docs/automation/ansible-build.txt
@@ -1,70 +1,64 @@ +# Base Image and Environment Setup FROM python:slim +ENV DEBIAN_FRONTEND=noninteractive -ENV DEBIAN_FRONTEND noninteractive - +# Package Installation RUN apt-get update \ && apt-get install -y --no-install-recommends \ - software-properties-common \ - openssh-client \ - sshpass \ - locales \ - # bat \ - bash \ - git \ - curl \ - rsync \ - zsh \ - nano \ - sudo \ - less \ - # #new - # gcc \ - # python3-dev \ - # #end-new + software-properties-common \ + openssh-client \ + sshpass \ + locales \ + bash \ + git \ + curl \ + rsync \ + zsh \ + nano \ + sudo \ + less \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ && rm -Rf /usr/share/doc && rm -Rf /usr/share/man +# User Creation ARG USERNAME=ansible ARG USER_UID=1000 -ARG USER_GID=$USER_UID -ENV HOME=/home/$USERNAME -RUN groupadd --gid $USER_GID $USERNAME -RUN useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME -RUN echo $USERNAME ALL=\(root\) NOPASSWD:ALL >/etc/sudoers.d/$USERNAME -RUN chmod 0440 /etc/sudoers.d/$USERNAME +ARG USER_GID=${USER_UID} +ENV HOME=/home/${USERNAME} +RUN groupadd --gid "${USER_GID}" "${USERNAME}" \ + && useradd -s /bin/bash --uid "${USER_UID}" --gid "${USER_GID}" -m "${USERNAME}" \ + && echo "${USERNAME} ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/"${USERNAME}" \ + && chmod 0440 /etc/sudoers.d/"${USERNAME}" +# Python Package Installation RUN pip3 install --no-cache-dir \ ansible \ - # ansible-cmdb \ - # ansible-runner \ - # ansible-builder \ - # ansible-test \ ara \ hvac \ - # molecule \ dnspython \ jmespath \ "hvac[parser]" \ certifi \ ansible-lint \ ansible-modules-hashivault - # ansible-autodoc -# COPY --from=hashicorp/consul-template /consul-template /usr/local/bin/consul-template -# COPY --from=hashicorp/envconsul /bin/envconsul /usr/local/bin/envconsul -COPY --from=hashicorp/vault /bin/vault /usr/local/bin/vault +# Multi-Stage Builds (Copying Binaries from other images) +COPY --from=hashicorp/vault /bin/vault /usr/local/bin/vault COPY 
--from=docker /usr/local/bin/docker /usr/local/bin/docker COPY --from=donaldrich/function:container /usr/local/bin/goss /usr/local/bin/goss -COPY --from=donaldrich/function:task /usr/local/bin/tusk /usr/local/bin/tusk -COPY --from=donaldrich/function:task /usr/local/bin/task /usr/local/bin/task -COPY --from=donaldrich/function:task /usr/local/bin/variant /usr/local/bin/variant +COPY --from=donaldrich/function:task \ + /usr/local/bin/tusk /usr/local/bin/tusk \ + /usr/local/bin/task /usr/local/bin/task \ + /usr/local/bin/variant /usr/local/bin/variant COPY --from=donaldrich/function:syntax-tools /usr/local/bin/jq /usr/local/bin/jq +# Zsh Configuration COPY --from=donaldrich/runner:zsh /zsh/ /zsh/ COPY --from=donaldrich/runner:zsh --chown=ansible:ansible /zsh/.zshrc /home/ansible/.zshrc COPY --from=donaldrich/runner:zsh --chown=ansible:ansible /zsh/.nanorc /home/ansible/.nanorc +# Environment Variables ENV ANSIBLE_GATHERING smart ENV ANSIBLE_HOST_KEY_CHECKING false ENV ANSIBLE_RETRY_FILES_ENABLED false 
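Review bot: The merged `COPY --from=donaldrich/function:task \ ...` instruction is not equivalent to the three COPY lines it replaces. COPY takes any number of sources and exactly one destination, so the six paths are read as five sources plus `/usr/local/bin/variant` as the destination, and with more than one source the destination has to be a directory ending in `/`. Use `COPY --from=donaldrich/function:task /usr/local/bin/tusk /usr/local/bin/task /usr/local/bin/variant /usr/local/bin/` or keep the three separate instructions. Separately, every binary copied in this hunk comes from an untagged or mutable-tag image (`hashicorp/vault`, `docker`, `donaldrich/function:*`), as does `FROM python:slim`, so the tools placed on PATH can change between builds without any change to this file; pinning each reference to a version tag plus digest would make that reviewable. The added `ENV DEBIAN_FRONTEND=noninteractive` also persists into the runtime environment now that the second hunk removes the later reset; `ARG DEBIAN_FRONTEND=noninteractive` would keep it build-only.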
@@ -72,22 +66,25 @@ ENV ANSIBLE_FORCE_COLOR true ENV GOSS_FMT documentation ENV GOSS_COLOR true +# Optional ARA API Server configuration (uncomment if needed) # ENV ANSIBLE_CALLBACK_PLUGINS="$(python3 -m ara.setup.callback_plugins)" # ENV ARA_API_CLIENT="http" # ENV ARA_API_SERVER="http://192.168.1.101:8734" -RUN echo "LC_ALL=en_US.UTF-8" >> /etc/environment -RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen -RUN echo "LANG=en_US.UTF-8" > /etc/locale.conf -RUN locale-gen en_US.UTF-8 +# Locale Configuration +RUN echo "LC_ALL=en_US.UTF-8" >> /etc/environment \ + && echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen \ + && echo "LANG=en_US.UTF-8" > /etc/locale.conf \ + && locale-gen en_US.UTF-8 +# Copy Local Files into the image COPY ./tusk-docker.yml ./tusk.yml COPY ./goss.yaml ./goss.yaml COPY ./goss2.yaml ./goss2.yaml -COPY ./Dockerfile ./Dockerfile +COPY ./Dockerfile ./Dockerfile # Often copied for auditing/debugging within the container +# Switch to the non-root user (good practice for security) # USER ${USERNAME} -ENV DEBIAN_FRONTEND=dialog - -RUN goss validate +# Final validation step (runs tests on the image) +RUN goss validate \ No newline at end of file
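Review bot: The trailing text on `COPY ./Dockerfile ./Dockerfile # Often copied ...` is not a comment. Dockerfile comments are only recognised at the start of a line, so `#` and the words after it become extra COPY arguments and the instruction will most likely fail to build. Put the remark on its own line above, `# Often copied for auditing/debugging within the container`, and leave `COPY ./Dockerfile ./Dockerfile` bare. The new comment above `# USER ${USERNAME}` describes switching to the non-root user, but the instruction stays commented out, so the image and `RUN goss validate` still run as root, and the `NOPASSWD:ALL` sudoers entry from the first hunk means the `ansible` account would offer little privilege separation even if it were enabled. Either enable `USER ${USERNAME}` after the root-only steps or reword the comment to say it is deliberately disabled.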