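# Scanning Engine - Background Scanner Worker
#
# Runtime image for the gohoarder background scanner: Alpine base, Trivy and
# Grype installed from their upstream install scripts, a prebuilt gohoarder
# binary copied from the build context, and a non-root runtime user.

# Declared before FROM, these are only visible to FROM lines; they are
# re-declared after FROM so the COPY below can use them.
ARG TARGETOS
ARG TARGETARCH

# NOTE(review): `latest` is a moving tag, so rebuilds are not reproducible and
# silently pick up whatever the tag points to at build time. Prefer a pinned
# release plus digest, e.g. alpine:<ALPINE_VERSION>@sha256:<DIGEST>.
FROM alpine:latest

# Install scanning tools and runtime dependencies
RUN apk add --no-cache \
        ca-certificates \
        tzdata \
        git \
        curl \
        wget \
        bash \
    && update-ca-certificates

# Install Trivy for container scanning
# `set -o pipefail` makes the build fail when the download fails. Without it
# the pipeline status is that of `sh`, which exits 0 on empty input, so a
# failed curl would yield an image that is missing the scanner.
# NOTE(review): the script comes from the moving `main` branch and the release
# it installs is chosen at build time. For a reproducible, reviewable build,
# fetch the script from a pinned tag or commit and install a pinned release
# (<TRIVY_VERSION>), verifying the published checksum or signature.
RUN set -o pipefail \
    && curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh \
        | sh -s -- -b /usr/local/bin

# Install Grype for vulnerability scanning
# Same pipefail guard and the same pinning concern as the Trivy step
# (<GRYPE_VERSION>).
RUN set -o pipefail \
    && curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh \
        | sh -s -- -b /usr/local/bin

# Create non-root user (fixed UID/GID 1000)
RUN addgroup -g 1000 scanner && \
    adduser -D -u 1000 -G scanner scanner

# Create necessary directories, owned by the runtime user
RUN mkdir -p /data/cache /data/scans && \
    chown -R scanner:scanner /data

# Copy binary (from platform-specific path)
# The build context must contain <TARGETOS>/<TARGETARCH>/gohoarder.
ARG TARGETOS
ARG TARGETARCH
COPY ${TARGETOS}/${TARGETARCH}/gohoarder /usr/local/bin/gohoarder
RUN chmod +x /usr/local/bin/gohoarder

# Copy example config
COPY config.yaml.example /etc/gohoarder/config.yaml.example

WORKDIR /data

# Drop privileges: everything from here on, including the health check and the
# entrypoint, runs as the unprivileged scanner user.
USER scanner

# Expose metrics port
EXPOSE 9091

# Health check
# Pure exec form. The previous `CMD [...] || exit 1` was not valid JSON, so
# Docker treated the whole text as a shell-form command; the bracketed array
# was then handed to /bin/sh as a command line instead of running the binary,
# and the check could not pass. A non-zero exit already marks the check failed.
# NOTE(review): `version` only shows that the binary starts, not that the
# scanner worker is alive; a liveness probe would be a stronger signal.
HEALTHCHECK --interval=60s --timeout=30s --start-period=10s --retries=3 \
    CMD ["/usr/local/bin/gohoarder", "version"]

# Environment variables for scanner mode
ENV SCANNER_MODE=true \
    SCANNER_WORKERS=4 \
    SCANNER_INTERVAL=300

# Run the scanner in background mode
# Note: You may need to add a scanner-specific command to your CLI
# For now, this assumes the serve command can run in scanner mode
ENTRYPOINT ["/usr/local/bin/gohoarder"]
CMD ["serve", "--scanner-only"]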