public static Run wrapInstallCommand()

in plugins/docker/base-image/src/main/java/co/elastic/gradle/dockerbase/DockerDaemonActions.java [97:151]

• 51 lines of code
• 4 McCabe index (conditional complexity)

    public static Run wrapInstallCommand(ImageBuildable buildable, String command) {
        final OSDistribution distribution = buildable.getOSDistribution().get();
        final boolean requiresCleanLayers = buildable.getIsolateFromExternalRepos().get();
        return new Run(
                switch (distribution) {
                    case UBUNTU, DEBIAN -> Stream.of(
                            Stream.of(
                                    "cp /var/packages-from-gradle/__META__Packages* /var/packages-from-gradle/Packages.gz"
                            ).filter(s -> requiresCleanLayers),
                            Stream.of(
                                    "rm -f /etc/apt/apt.conf.d/docker-clean",
                                    """
                                                echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/docker-dirty
                                            """.trim()
                            ).filter(s -> !requiresCleanLayers),
                            Stream.of("apt-get update", command),
                            Stream.of(
                                    "apt-get clean",
                                    "rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apt/apt.conf.d/90sslConfig"
                            ).filter(s -> requiresCleanLayers)
                    ).flatMap(s -> s).collect(Collectors.toList());
                    case CENTOS -> Stream.of(
                            Stream.of(
                                    "cd /var/packages-from-gradle/",
                                    "tar -xf __META__repodata*"
                            ).filter(s -> requiresCleanLayers),
                            Stream.of(command),
                            Stream.of(
                                    "yum clean all",
                                    "rm -rf /var/cache/yum /tmp/* /var/tmp/*"
                            ).filter(s -> requiresCleanLayers)
                    ).flatMap(
                            Function.identity()
                    ).collect(Collectors.toList());
                    case WOLFI -> {
                        final String archDir = Architecture.current().name().toLowerCase(Locale.ROOT);
                        yield Stream.of(
                                Stream.of("cd /var/packages-from-gradle/ && " +
                                          "mkdir '" + archDir + "' && " +
                                          "mv *.apk '" + archDir + "' &&" +
                                          "mv __META__Packages* '" + archDir + "/APKINDEX.tar.gz' &&" +
                                          "apk update --allow-untrusted").filter(s -> requiresCleanLayers),
                                // When building the lock-file we do NOT allow untrusted sources
                                Stream.of(command.replace("apk add", "apk add --no-cache")).filter(s -> !requiresCleanLayers),
                                // When we're building the actual image, everything is coming from Gradle, so it's safe
                                // and already checked (as long as dependency verification is enabled)
                                // The package db itself is not signed, so we need to allow untrusted
                                Stream.of(command.replace("apk add", "apk add --allow-untrusted")).filter(s -> requiresCleanLayers)
                        ).flatMap(
                                Function.identity()
                        ).collect(Collectors.toList());
                    }
                }
        );
    }