[GPCAPIM-289]: Update Docker build process to include dev certificates

- Add INCLUDE_DEV_CERTS argument to control installation of dev certificates
- Modify Dockerfile to handle dev certificates based on the new argument
- Adjust Makefile to pass INCLUDE_DEV_CERTS during the build process

Author: DWolfsNHS

Makefile

@@ -20,6 +20,7 @@ endif
 IMAGE_NAME := ${IMAGE_REPOSITORY}:${IMAGE_TAG}
 COMMIT_VERSION := $(shell git rev-parse --short HEAD)
 BUILD_DATE := $(shell date -u +"%Y%m%d")
+INCLUDE_DEV_CERTS ?= ${DEV_CERTS_INCLUDED}
 # ==============================================================================
 
 # Example CI/CD targets are: dependencies, build, publish, deploy, clean, etc.
@@ -54,7 +55,12 @@ build-gateway-api: dependencies
 .PHONY: build
 build: build-gateway-api # Build the project artefact @Pipeline
 	@echo "Building Docker x86 image using Docker. Utilising python version: ${PYTHON_VERSION} ..."
-	@$(docker) buildx build --platform linux/amd64 --load --provenance=false --build-arg PYTHON_VERSION=${PYTHON_VERSION} --build-arg COMMIT_VERSION=${COMMIT_VERSION} --build-arg BUILD_DATE=${BUILD_DATE} -t ${IMAGE_NAME} infrastructure/images/gateway-api
+	@if [[ -n "$${IN_BUILD_CONTAINER}" ]]; then \
+		echo "building with dev certs ..." ; \
+		$(docker) buildx build --platform linux/amd64 --load --provenance=false --build-arg PYTHON_VERSION=${PYTHON_VERSION} --build-arg COMMIT_VERSION=${COMMIT_VERSION} --build-arg BUILD_DATE=${BUILD_DATE} --build-arg INCLUDE_DEV_CERTS=${INCLUDE_DEV_CERTS} -t ${IMAGE_NAME} infrastructure/images/gateway-api
+	else \
+		$(docker) buildx build --platform linux/amd64 --load --provenance=false --build-arg PYTHON_VERSION=${PYTHON_VERSION} --build-arg COMMIT_VERSION=${COMMIT_VERSION} --build-arg BUILD_DATE=${BUILD_DATE} -t ${IMAGE_NAME} infrastructure/images/gateway-api
+	fi
 	@echo "Docker image '${IMAGE_NAME}' built successfully!"
 
 publish: # Publish the project artefact @Pipeline

infrastructure/images/gateway-api/Dockerfile

@@ -2,21 +2,26 @@
 ARG PYTHON_VERSION=invalid
 FROM python:${PYTHON_VERSION}-alpine3.23 AS gateway-api
 
-RUN apk upgrade --no-cache && \
-    pip install --no-cache-dir --upgrade pip && \
-    addgroup -S nonroot && \
-    adduser -S gateway_api_user -G nonroot
+# Controls whether dev certificates (if present) are installed into this image.
+ARG INCLUDE_DEV_CERTS=false
 
 COPY resources/ /resources
 
 # If dev certificates have been copied into the build context, install them so
 # apk and other HTTPS clients inside this image trust the same CAs as the
 # dev container. This is a no-op when no dev certificates are provided.
-RUN if [ -d /resources/dev-certificates ]; then \
-    cp -r /resources/dev-certificates/* /usr/local/share/ca-certificates/; \
-    update-ca-certificates; \
-    cp -r /resources/dev-certificates/* /etc/ssl/certs/; \
-fi
+RUN if [ "$INCLUDE_DEV_CERTS" = "true" ] && [ -d /resources/dev-certificates ]; then \
+        cp -r /resources/dev-certificates/* /usr/local/share/ca-certificates/; \
+        update-ca-certificates; \
+        cp -r /resources/dev-certificates/* /etc/ssl/certs/; \
+    else \
+        rm -rf /resources/dev-certificates || true; \
+    fi
+
+RUN apk upgrade --no-cache && \
+    pip install --no-cache-dir --upgrade pip && \
+    addgroup -S nonroot && \
+    adduser -S gateway_api_user -G nonroot
 
 WORKDIR /resources/build/gateway-api